Apple Watch exposes IP address of those using Mail Privacy Protection
Testing has shown that the Apple Watch does not play nice with Mail Privacy Protection. It leaks people’s IP addresses even if they have the functionality enabled on their iPhones, iPads or Macs.
Mail Privacy Protection was introduced with the latest round of operating system upgrades in September. Most Apple devices support this. But it seems the Apple Watch doesn’t.
The feature was introduced with security in mind. It can be enabled by going to Settings > Mail > Privacy Protection, and toggling this to “on”.
Essential reading: Top fitness trackers and health gadgets
The fuctionality was designed to give people peace of mind. There are a number of different benefits in enabling Mail Privacy Protection.
For starters, it helps to stop senders collecting information about the users. For example, they will not be able to know when a person has opened their email. Useful when dealing with those pesky marketeers. The feature also masks the users IP address even when they download remote images – so this tactic can’t be used to identify their IP address. Senders typically do this by placing invisible pixels in the email.
Mail Privacy Protection does not work on the Apple Watch
But while this works well on the iPhone, iPad and Mac running the latest version of the operating system – it seems Mail Privacy Protection does not extend to the Apple Watch. An IOS developer and security analyst Tommy Mysk was successful in sending himself an email with an image hosted on his server. Checking Google Analytics, he managed to obtain the IP address utilized to download the image.
He did this with the Mail app on the Apple Watch. Instead of an randomly assigned IP address, he saw his real IP address. Even previewing an email exposes your details. The downloading of images should be routed through a proxy network – and that’s obviously not done on the Apple Watch. Not good.
The Apple Watch is obviously failing to adhire to Mail Privacy Protection policies. It is not yet clear whether this is the way the feature is meant to work. Hard to imagine this could be the case.
More likely it is an oversight on Apple’s part, something that will be patched up in one of the future watchOS updates. For now, it is something for those with Apple Watch’s to be aware of – don’t be lulled into a false sense of security.
Like this article? Subscribe to our monthly newsletter and never miss out!