Privacy

The Electronic Frontier Foundation (EFF) is out with a new campaign that presses tech companies to move faster to protect user data through end-to-end encryption, and stronger defaults and privacy settings. Here are the details.

Publicly available information reveals that Apple was fined a total of $851 million last year for privacy and antitrust violations, down from $2.1B in 2024.

The data was collated by Proton, which reports that it would have taken the iPhone maker just three days, three hours and 28 minutes to pay off the total …

A Californian court has awarded Apple a partial victory in a class action lawsuit alleging that the company violated the privacy of some iPhone owners.

The case followed a security researcher discovering data collection practices by Apple which he described at the time as “shocking” …

An effort led by security research lab CovertLabs is actively uncovering troves of (mostly) AI-related App Store apps that leak and expose user data, including names, emails, and chat history. Here are the details.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Talk of the largest grocer in the world not supporting Apple Pay or any Tap to Pay solution for that matter is making the rounds on social media again, as 9to5Mac noted yesterday. It is worth mentioning that there are real security benefits behind this technology. While the vast majority of users choose tapping for payment because it is quick and easy, there is a lot happening behind the scenes to keep your information private.

Today Apple confirmed a new partnership with Google to power future AI features, including the upcoming Siri overhaul. But how will that impact user privacy? Here’s what Apple says.

Roblox, one of the most popular kids’ apps in the world, is now requiring children as young as nine years old to submit a video selfie for age verification. Update: Following a partial launch in December of last year, the requirement is now being rolled out globally. The company says you will see the update within the next week.

While the developer is doing this for good reasons, it adds further weight to the argument that Apple and Google, rather than individual app developers, should be responsible for age verification …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Let’s say you have screenshots of sensitive information sitting on your desktop that you’d like to password protect. You know that images of tax, banking, wire transfer forms, etc. in the clear can easily be viewed by anyone with physical or remote access to your machine, but you’re unsure how to secure them. Unfortunately, macOS Preview doesn’t support file-level password protection, but there are quick workarounds that don’t require third-party software or downloading anything not already on your Mac.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

When Apple dropped App Tracking Transparency (ATT) prompts in iOS 14.5 back in 2021, it was a watershed moment for user privacy within third-party applications. Nothing like it had existed prior. The initiative gave iPhone users control over whether their in-app data could be aggregated and shared with third parties for advertising or other purposes.

Still, today, I often find comments online from people who don’t really know what it does and find the wording very taboo. Like, why “Ask” the app? And is it still effective? Let’s briefly look at App Tracking Transparency in 2025…

While Apple is currently lobbying against being given a legal responsibility for age verification when it comes to downloading apps, I think the company’s customers would very much benefit from it taking on this role.

Given the company’s track record in finding privacy-respecting approaches to personal data, I would like to see it go even further than the proposals we’ve seen to date …

Many social media apps encourage you to give them access to your contacts. If you do so, they will let you know which of your contacts are on the platform so that you can send them a friend request.

This can be problematic because you may not wish to share your online presence with everybody in your contacts, and because you are effectively sharing the personal data of other people without their consent. Bluesky says its own “privacy-first” approach is different …

Authoritarian governments don’t like their citizens being able to have private conversations using end-to-end encrypted messaging apps. This is the reason Russia has just banned FaceTime, but it was surprising iMessage had escaped a ban.

A potential reason for this has now been discovered: Apple may have accidentally made it almost impossible for a government to ban its end-to-end encrypted text messaging app …

The saga of a mandatory government security app which Apple and Google had to preinstall on their phones didn’t last long after Apple refused to play ball.

The Indian government had already backed down on preventing iPhone owners from deleting the “security” app, and has now made a complete U-turn in the space of just 48 hours …

The Indian government has ordered Apple and other smartphone manufacturers to pre-install a state-owned “security” app on all phones before they are sold to users. Update: As we predicted, Apple has pushed back, but more aggressively by stating outright that it will not comply.

Adding fuel to the privacy fire, the government is also requiring smartphone makers to ensure that the app cannot be removed by users …

If you receive a notification from ChatGPT provider OpenAI that one of its partners has suffered a data breach, it’s likely that your own data is safe. Only those who have an API account may have been affected

The company says it is being transparent by notifying all subscribers, even though only a small subset of them will have been impacted …

A competition regulator has accused Apple of misleading users about the level of privacy offered by the App Tracking Transparency feature. That accusation, while made in good faith, is based on a misunderstanding.

The iPhone maker has responded by saying that it may be forced to withdraw the privacy protection from EU users …

Hackers have obtained customer data from a third-party company used by major Wall Street banks, including JPMorgan Chase and Citi. The disclosure comes just days after a Doordash data breach exposed names, addresses, phone numbers, and more.

SitmusAMC helps banks process mortgage applications and other real estate loans, and says that accounting records and legal agreements have been impacted by the hack …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Plastic webcam covers—especially of the sliding kind—boomed in popularity sometime in the 2010s as a low-tech way to keep hackers from eavesdropping on compromised machines. The concern felt justified at the time. But by 2020, Apple was beginning to issue warnings that those covers aren’t actually needed and can even damage a MacBook’s display.

For this Security Bite, let’s set the tin-foil hats aside and talk about why webcam covers don’t meaningfully improve privacy, can cause features like True Tone to not work properly, and are far more likely to damage your screen than stop someone from spying on you.

A Doordash data breach has exposed the personal data of an unspecified number of customers, including name, phone number, email address, and physical address.

The food delivery company says that it has implemented a number of security measures in response, including reporting the attack to law enforcement …

Update, 7:11 p.m. ET: A Meta representative reached out to 9to5Mac and provided the following statement:

“We are grateful to the University of Vienna researchers for their responsible partnership and diligence under our Bug Bounty program. This collaboration successfully identified a novel enumeration technique that surpassed our intended limits, allowing the researchers to scrape basic publicly available information. We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defenses. Importantly, the researchers have securely deleted the data collected as part of the study, and we have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers.” 

A massive WhatsApp security flaw exposed the phone number of almost every user on the planet – despite the fact that parent company Meta had been alerted to the vulnerability way back in 2017.

Security researchers were able to use what they described as a “simple” exploit to extract a total of 3.5 billion phone numbers from the messaging service …