New iPhone feature could expose employees’ personal information

Cybersecurity researchers have discovered that Apple’s new “Mirroring” feature could expose an employee’s personal applications to their company’s software inventory. Although the data within the apps is not directly shared, the apps could expose private information about the employee. 

Jason Soroko, Senior Fellow at Sectigo, explains the flaw researchers uncovered. “A flaw in Apple’s Mirroring feature compromises personal privacy when used on work Macs. Personal iPhone apps become visible to the company’s IT department, as mirrored apps are cataloged like native macOS apps. While app data isn’t shared, the mere presence of certain apps like health or dating services can reveal sensitive personal information. What is being shared is the metadata about the presence of applications on the mirrored iPhone. This issue arises because the Mirroring feature doesn’t adequately separate personal app metadata from corporate software inventories. In environments where device monitoring is standard, employees risk unintended exposure of their personal app usage.

The researchers have notified Apple of the issue. Currently, Apple is working on fixing the flaw. In the meantime, iPhone users are encouraged to take preventative measures to reduce the risk of exposed private information. Soroko recommends, “To mitigate this risk, avoid using Mirroring on work devices. Companies should revise policies to address this vulnerability, and Apple must implement stricter data segregation to protect user privacy in mixed-use settings.”