Unmasking the Privacy Risks of Apple Intelligence
3 days ago
Tags: #Data Leakage, #Apple Privacy, #Siri Security

- Lumia’s Research Team found that messages dictated via Siri (WhatsApp, iMessage) are sent to Apple servers, not Private Cloud Compute (PCC), with no user control.
- Siri transmits metadata about installed and active apps, audio playback metadata, and precise location data without explicit user consent.
- Apple uses two distinct privacy policies (Siri vs. Apple Intelligence), leading to inconsistent data-handling rules for similar queries.
- Siri scans and reports open apps and sensitive data (e.g., WhatsApp messages, Notion document titles) to Apple servers, undercutting end-to-end encryption claims.
- Apple acknowledged the issue but shifted blame to third-party services like WhatsApp, claiming misuse of SiriKit.
- Enterprises are advised to block Siri domains, disable 'Learn from this app' settings, and monitor AI-related network traffic to mitigate risks.