Mail Privacy Protection doesn't work on the Apple Watch

Posted:
in Apple Watch
Apple's Mail Privacy Protection feature doesn't work on the Apple Watch, it is alleged, as while the tracking-prevention system works fine in iOS 15, it doesn't seem to function within watchOS.




Outlined during WWDC 2021 and introduced in iOS 15, Mail Privacy Protection helps prevent an email sender from gaining any information about a recipient's activity within the Mail app, such as when an email is opened. While the system works as expected for iPhone users, the same cannot be said about the Apple Watch.

According to security researcher Tommy Mysk on Twitter, the Mail Privacy Protection features don't apply to the Mail app within the Apple Watch. In a test, it was shown that both the Mail app itself and the notification preview on the Apple Watch downloads remote content included in an email using the device's IP address, allowing for tracking to occur.

It appears that Mail Privacy Protection only applies to the iOS version of the Mail app, and not the Apple Watch.

As the loading of remote content can provide a lot of data to the sender about the recipient's email usage, Mail Privacy Protection attempts to thwart this activity in a number of ways.

Heads-up: The mail privacy protection introduced in iOS 15 doesn't apply to the Mail app on the Apple Watch. Both the Mail app and the notification preview on the Apple Watch download remote content using your real IP address.#Cybersecurity #iOS pic.twitter.com/o0lh9rPQTd

-- Mysk (@mysk_co)


When enabled, remote content is downloaded in the background, rather than at the time the email is accessed, so there is no way for the sender to accurately know when the email was opened. Furthermore, remote content is routed through many proxy servers before reaching the user, preventing the user's IP address from being known.

As the Apple Watch can download the remote content directly without going through Mail Privacy Protection, this means watchOS could be providing similar sorts of data to senders that the iOS feature is trying to limit.

At this time, it is unknown if the problem is a bug within watchOS, or if it hasn't been enabled for Apple's wearable. Information about the feature, largely covers iOS and iPadOS, with no explicit confirmation in marketing materials that it works on the Apple Watch.

AppleInsider has contacted Apple for clarification.

Read on AppleInsider

Comments

  • Reply 1 of 4
    Apple's latest buzz-word strikes again: "Ooooops!!"
    edited November 2021 lkrupp
  • Reply 2 of 4
    chadbagchadbag Posts: 1,651member
    Of course, the number of people who regularly use their watch to read email can provval be counted on one hand...    I tried it, once...

    Of course this should be fixed, but I would be interested to know how often the watch is used for email reading in the real world. 
    mike1
  • Reply 3 of 4
    petripetri Posts: 100member
    chadbag said:
    Of course, the number of people who regularly use their watch to read email can provval be counted on one hand...    I tried it, once...

    Of course this should be fixed, but I would be interested to know how often the watch is used for email reading in the real world. 
    In fairness that’s irrelevant, I’d wager most people get email notifications on their watch even if it’s just a cue to reach for the phone, and those notifications are enough to allow
    tracking to occur - a bit annoying given apple’s boasts on privacy protection.
    watto_cobra
  • Reply 4 of 4
    gatorguygatorguy Posts: 23,365member
    The Apple Watch doesn't make use of iCloud Private Relay either. 
Sign In or Register to comment.