Employees’ Personal Information Could be Exposed by New iPhone Feature

Security researchers have identified a potential privacy issue with Apple’s new “Mirroring” feature that could potentially reveal an employee’s personal applications to their company’s software inventory. While the actual data within the apps is not shared, the presence of certain apps could expose sensitive information about the employee.

Jason Soroko, Senior Fellow at Sectigo, detailed the flaw that researchers have uncovered. According to Soroko, “A vulnerability in Apple’s Mirroring feature compromises personal privacy on work Macs. Personal iPhone apps become visible to the company’s IT department, as mirrored apps are treated like native macOS apps. Although app data itself is not shared, the mere fact that certain apps like health or dating services are present can disclose personal information. The issue lies in the fact that the Mirroring feature does not sufficiently separate personal app metadata from corporate software inventories. In environments where device monitoring is common, employees may inadvertently expose their personal app usage.”

The researchers have informed Apple about the problem, and the company is currently working on a solution. In the interim, iPhone users are advised to take precautions to minimize the risk of exposing personal information. Soroko suggests, “To mitigate this risk, it is advisable to refrain from using Mirroring on work devices. Companies should review their policies to address this vulnerability, while Apple needs to implement stricter data isolation to safeguard user privacy in mixed-use scenarios.”