Beware using Mail on your Apple Watch. Security researchers have found that receiving messages on your wrist compromises Mail Privacy Protection in iOS 15 by revealing your IP address to senders.
Mail Privacy Protection — available across Mac, iPhone and iPad — is designed to prevent this from happening by masking your actual IP address. But it seems that using Mail on Apple Watch completely undermines it.
Apple Watch breaks Mail Privacy Protection
Mail Privacy Protection works by routing all your Mail content through multiple proxy servers then assigning a random IP address based on your region — much like Private Relay does for Safari if you have iCloud+.
This allows message senders to see your general region, but not your exact location. It also prevents them from linking your email activities to other online browsing habits, which could be used to build a profile on you.
Mail Privacy Protection also stops senders from seeing whether you have opened an email, how many times you have viewed it, or if you have forwarded the message. But it would appear there’s one big caveat.
Security researchers Talal Haj Bakry and Tommy Mysk have discovered that when you use Mail on Apple Watch, all of those protections go right out of the window, since Mail Privacy Protection isn’t support in watchOS.
Avoid using Mail on Apple Watch
Apple Watch downloads all remote content, such as images, using your real IP address — even if you have Mail Privacy Protection enabled on iPhone. You don’t even need to open an email for this to happen.
Heads-up: The mail privacy protection introduced in iOS 15 doesn't apply to the Mail app on the Apple Watch. Both the Mail app and the notification preview on the Apple Watch download remote content using your real IP address.#Cybersecurity #iOS pic.twitter.com/o0lh9rPQTd
— Mysk (@mysk_co) November 15, 2021
Although Apple doesn’t advertise Privacy Protection as being supported by watchOS, this still seems like an oversight. And it’s something most Apple Watch users are likely to miss when using the feature to hide their IP address.
The only way to avoid this is by disabling Mail notifications and avoiding the app on watchOS. To block notifications, follow these steps:
- Open the Watch app on iPhone.
- Select Mail.
- Tap Custom, then tap Notifications Off.
Here’s to hoping Apple addresses this in a future watchOS update.