Apple's iPhone Mirroring bug could expose your personal apps to your employer

1 month ago 40
BOOK THIS SPACE FOR AD
ARTICLE AD
screenshot-2024-06-10-at-1-54-14pm.png
Screenshot by Nina Raemont

Those of you interested in using Apple's new iPhone Mirroring at work may want to hold off for now. As detailed in a report published on Tuesday, cybersecurity software provider Sevco Security uncovered a privacy glitch that could reveal to your employer any apps that you run on your iPhone, including personal ones.

Introduced with iOS 18 and MacOS 15 Sequoia, iPhone Mirroring lets you wirelessly view, access, and control your iPhone from your Mac. The feature is a handy one as you're able to navigate your iPhone and open different apps using your Mac's trackpad and keyboard. However, privacy problems may arise if you use the mirroring at work.

Also: 3 iPhone settings I changed to thwart thieves - and what to do if your phone is stolen

Many enterprise companies and other organizations run an inventory of the applications installed on an employee's computer. This helps them manage their assets and support their security measures. Normally, this type of inventory would be confined to programs on the computer and wouldn't include apps on a mobile device.

But based on Sevco's research, any iPhone app you access on your Mac through iPhone Mirroring does get tracked in your employer's inventory database. This includes work-related apps and personal apps, especially if the iPhone is your own. And this means that your employer can tell which apps you use on your phone.

Also: How to use your iPhone's emergency satellite features if you lose cell coverage

In its report, Sevco explained how this could impact employees.

"For iPhone users, this Apple bug is a major privacy risk because it can expose aspects of their personal lives that they don't want to share or that could put them at risk," Sevco said. "This could include exposing a VPN app in a country that restricts access to the internet, a dating app that reveals their sexual orientation in a jurisdiction with limited protections or legal consequences, or an app related to a health condition that an employee simply does not want to share."

But, employers may also put themselves at risk.

Also: Internet Archive breach compromises 31 million accounts - what you need to know

"For companies, this bug represents a new data liability from potentially collecting private employee data," Sevco added. "If this bug is not addressed, it may lead to violation of major privacy laws such as CCPA (California Consumer Privacy Act), potential litigation, and federal agency enforcement."

Sevco said it notified Apple about the bug, which has identified the cause and is now working on a fix. The firm has also alerted its customers that the issue may result in them collecting and even accessing private employee information.

Also: My biggest regret with updating my iPhone to iOS 18 (and I'm not alone)

"While app data isn't shared, the mere presence of certain apps like health or dating services can reveal sensitive personal information," Jason Soroko, Senior Fellow at certificate lifecycle management firm Sectigo, told ZDNET. "What is being shared is the metadata about the presence of applications on the mirrored iPhone. This issue arises because the Mirroring feature doesn't adequately separate personal app metadata from corporate software inventories."

Until Apple fixes this issue, Sevco urges people not to use iPhone Mirroring on work computers. Companies should also caution their employees to avoid using the feature and should identify any IT systems that collect software inventory from Macs. Once the glitch is resolved, employers should also remove any personal employee data from their inventory to prevent the risk of liability.

Read Entire Article