Why Apple's new iPhone mirroring could become a privacy problem for companies
With macOS 15 and iOS 18, Apple has brought a new iPhone remote control to the Mac. However, this generates some sensitive data, as has now been revealed.
iPhone mirroring function: Useful if you don't want to walk to your iPhone.
(Image: Apple)
Anyone using Apple's iPhone mirroring on their Mac, which was released in September, should be aware that it leaves data on the machine. On a business computer, this data could then end up in corporate systems if the IT department uses tools that record the software inventory. The security company Sevco warns of this. In practice, potentially sensitive private data from the iPhone would then become accessible in the corporate context.
App stubs on the Mac
iPhone mirroring is new in macOS 15 and iOS 18 and enables remote control of the iPhone from the Mac. The function is available in all countries outside the EU (depending on the location of the App Store ID) and can be useful, for example, if the smartphone is at the other end of the room. It can also be used to directly display notifications on the Mac that would otherwise only appear on the iPhone. In future, drag-and-drop between Mac and iPhone will also be possible.
During operation, iPhone mirroring relies on so-called app stubs. These are stored in a cache folder and contain extensive metadata from the connected iPhone, including the installed apps with their installation dates, versions and file descriptions, including icons. The stubs can be found using tools such as mdfind. The problem: to software inventory systems, the app stubs look like real apps. If the IT department records the inventory, the private apps from the user's iPhone also end up in it. As a possible example, Sevco cites a company in a country where VPNs are banned: the IT department could find out from the Mac that the employee is using them on the iPhone. The same applies to health or dating apps.
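One way an inventory pipeline could keep such stubs out of its records is sketched below; this is an added example, not code from the article, Sevco or Apple. The path rule (an .app bundle below a per-user Library/.../Caches directory) is an assumption, since the article only says "a cache folder", and the record fields and sample records are constructed.

```python
from collections import Counter
from pathlib import PurePosixPath


def is_suspected_stub(bundle_path: str) -> bool:
    """True for an .app bundle below /Users/<name>/Library/.../Caches/.

    Assumption: the article only says "a cache folder"; tighten this rule to
    the location actually observed on your fleet.
    """
    parts = PurePosixPath(bundle_path).parts
    if len(parts) < 6 or parts[:2] != ("/", "Users") or parts[3] != "Library":
        return False
    return parts[-1].endswith(".app") and "Caches" in parts[4:-1]


def split_inventory(records):
    """Return (records to store, per-host count of dropped stub records).

    Dropped records are only counted, so app names from the employee's
    iPhone never reach the inventory database.
    """
    keep, dropped = [], Counter()
    for rec in records:
        if is_suspected_stub(rec["path"]):
            dropped[rec["host"]] += 1
        else:
            keep.append(rec)
    return keep, dict(dropped)


# Constructed sample records (hypothetical hosts, users, paths and app names).
SAMPLE = [
    {"host": "mac-001", "name": "Safari", "path": "/Applications/Safari.app"},
    {"host": "mac-001", "name": "ExampleVPN",
     "path": "/Users/alice/Library/placeholder/Library/Caches/ExampleVPN.app"},
    {"host": "mac-001", "name": "ExampleDating",
     "path": "/Users/alice/Library/placeholder/Library/Caches/ExampleDating.app/"},
    {"host": "mac-002", "name": "Tool", "path": "/Users/bob/Applications/Tool.app"},
]

if __name__ == "__main__":
    kept, dropped = split_inventory(SAMPLE)
    print("stored:", [r["name"] for r in kept])
    print("suspected stubs dropped per host:", dropped)
```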
Apple has been informed
Sevco has already reported the problem to Apple and has been told that there will be a fix soon. It is generally not advisable to use a private iPhone on a company computer anyway, especially as you need to have entered your Apple ID on the system to connect via iPhone mirroring.
This behavior can also have consequences for companies themselves. "For companies, this error represents a new data risk, as private employee data may be collected. If this error is not corrected, it could lead to violations of important data protection laws, possible legal disputes and measures by authorities."
(bsc)