Privacy

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

PSA! Starting today (Nov. 3), Microsoft-owned LinkedIn will expand its use of user profile details, posts, and feed activity — excluding private messages — in the UK, EU, Switzerland, Canada, and Hong Kong to train its artificial intelligence models, as well as support personalized ads across Microsoft products.

The good news here: You can opt out of having your, presumably very humble posts and professional achievements, scraped into LLM-training pens.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Update, November 1, 10:59 a.m. ET: Apple has removed the sketchy ChatGPT clone app mentioned below. I’ve also received unverified claims that many other copycats have been taken down too.

Around this time two years ago, OpenAI’s incredibly popular GPT-4 API was spreading like wildfire all over the App Store. It wasn’t long before AI-powered productivity apps, chatbot companions, nutritional trackers, and basically anything else you could think of dominated the charts, garnering millions of downloads. Fast forward to today, many of those vibe-coded, opportunistic apps have disappeared, partly due to cooling hype but also Apple’s tougher stance against knockoffs and misleading apps.

However, this week, security researcher Alex Kleber noticed that one misleading AI chatbot, impersonating OpenAI’s branding, managed to achieve top marks in the Business category. Albeit on the less popular Mac App Store, this is still significant and warrants a brief PSA to be cautious when sharing personal information with these apps.

Security-conscious readers probably already use the data breach alert site Have I Been Pwned, but a new Proton website is aiming to alert you at an earlier stage with what the company says will be near real-time reporting.

The company behind ProtonMail says it has launched the Data Breach Observatory because it can sometimes take too long to find out when your personal data has been made available for sale on the dark web …

In a statement to the German Press Agency, Apple claimed that it may have to turn off App Tracking Transparency in Europe as a result of “intense lobbying efforts”. Here’s why.

A tactic used by a growing number of scammers is to impersonate help centres in order to trick victims into sharing their screens via WhatsApp. By doing so, they can obtain sensitive information like bank account details and verification codes.

Meta says WhatsApp will now intervene when someone attempts to use screen sharing with an unknown contact during a video call. The company will also proactively flag suspicious-looking chats in Facebook Messenger …

The Department of Homeland Security says that Chinese criminal gangs have made more than $1 billion from text scams sent to US phone numbers over the past three years.

Scam texts about fake highway toll payments, US Postal Service fees, and traffic violation fines are used to obtain credit card details. They also trick victims into submitting a one-time code from their bank, which allows the criminals to add the card to Apple Wallet …

Apple recently explained how it will comply with an App Store age verification law in Texas, and it will now face a similar requirement in California.

Apple found a privacy-respecting approach to the Texas law, and it seems that it will be able to adopt a similar one here …

Security researchers at two US universities were able to intercept T-Mobile customer call and text data from completely unencrypted satellite communications.

Researchers were also able to eavesdrop on sensitive government communications, including US military and law enforcement agencies – and they did all of it using nothing more than an $800 off-the-shelf satellite receiver system …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In this week’s Security Bite, I’m taking it back over 20 years to the launch of Gmail in 2004–because that’s how long its little-known plus addressing (aliasing) feature has quietly existed. It was originally created to help with filtering and keeping inboxes tidy long before spam became what it is today. Google never really promoted it, so most people still don’t realize it’s a thing. But over the years, it’s become popular among privacy-minded folks to track which online services, subscriptions, etc., are selling email addresses to other companies or leaking them.

California Governor Gavin Newsom signed the “California Opt Me Out Act”, which will require web browsers to include an easy, universal way for users to opt out of data collection and sales. Here are the details.

Apple is facing a cybercrime investigation in France over its capture and review of voice recordings to improve the quality of Siri responses.

The probe faces complaints by a human rights organization over a 2019 revelation that Apple was using contractors to listen to voice recordings of Siri interactions by its customers despite its privacy promises …

Direct payments between Venmo and PayPal will finally become possible from November, some 11 years after it was first expected.

While some may find it convenient, it also opens a new route to scammers, so there’s a privacy setting you may wish to change when it goes live …

Neon, the app that pays you to share your audio recordings with an AI system, says that it will return despite its recent massive security breach.

The app shot up the App Store ratings after promising to pay users hundreds or even thousands of dollars per year for allowing their audio conversations to be used to train AI chatbots …

We learned back in February that the British government had secretly ordered Apple to create a worldwide backdoor into iCloud. We said at the time that the demand was “as technically clueless as it is outrageous.”

Apple responded very intelligently, and it seemed from a development last month that the UK had withdrawn its demand. We’re learning today that this isn’t in fact the case …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this year, Apple announced that it was leading the charge on a cross-industry effort to bring end-to-end encryption (E2EE) to the RCS Universal Profile, which is published by the GSMA. Apple told 9to5Mac in March it would come to the iPhone in a future software update. Google soon after jumped in, stating it too was ‘committed to providing a secure messaging experience.’

I didn’t think it was completely unreasonable to assume we’d see this showcased at WWDC 2025…that didn’t happen. Then I thought maybe in one of the iOS 26 betas? Also nothing. So, what happened to cross-platform E2EE for RCS messaging? Is it still coming?

Researchers have discovered major Tile security flaws that could let both the company itself and a tech-savvy stalker track your location. These arise from two crucial differences between the security used for AirTags and Tile tags.

The flaw could even be exploited to allow a malicious actor to falsely frame a Tile owner for stalking, by making it appear as if one of your Tile tags is constantly in the vicinity of somebody else’s tag …

Earlier today, we covered the skyrocketing success of Neon, an app that pays users in exchange for recording their phone calls. Now, the app has gone offline, following the discovery of an egregious security breach. Here are the details.

A bizarre app that invites you to record and share your audio calls so that it can sell the data to AI companies has become the second most downloaded social app in the app store.

Neon Mobile says that users can sell their privacy for hundreds or even thousands of dollars per year by allowing their audio conversations to be used for AI training …

For many years, it was accepted wisdom that Mac malware wasn’t really an issue. One of the reasons for that was that the market share was simply too low to make it a worthwhile target for attackers.

Today, of course, is a very different world. Macs are the fourth most popular brand of personal computers, and as owners of a premium brand, Mac owners make a juicy target. Does that mean you need third-party antivirus software on a Mac, or are the built-in security protections good enough? A very thorough test sought to find out …

Mobile carriers are very slowly getting better at detecting and blocking scam texts, but it seems the fraudsters may still be staying ahead of the game.

Scammers are now using a technology known as SMS blasters, backpack-sized devices that can trick smartphones into thinking they are cell towers …

In a threat and incidents report released today, France’s Information Security Agency confirmed that Apple issued a new wave of threat notifications earlier this month. Here are the details.