Privacy

Earlier this week, Meta officially flipped the switch on in-app advertising for WhatsApp users worldwide, marking the first time ads have appeared inside the messaging platform. But if you’re in the European Union, there’s now an important update: the rollout won’t be happening for you… yet.

The privacy-focused web browser DuckDuckGo has boosted its anti-scam features. It can now detect and block fake ecommerce stores, crypto sites, virus alerts, and more.

The new security feature is completely free for all users on both Mac and iOS browsers, with no Privacy Pro subscription needed …

Update: Business Insider notes that Meta has now added a warning message when users share chat queries.

The Meta AI app has been described as “a privacy disaster,” as users unknowingly make their embarrassing questions public.

One tech writer described it as like discovering your web browser history has been public all along without you knowing it …

Scammers are using AI tools to create increasingly convincing ways to trick victims into sending money, and to access the personal information needed to commit identity theft. Deepfakes mean they can impersonate the voice of a friend or family member, and even fake a video call with them!

The result can be criminals taking out thousands of dollars worth of loans or credit card debt in your name. Fortunately there are steps you can take to protect yourself against even the most sophisticated scams. Here are the security and privacy checks to run to ensure you are safe …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this week, during its annual WWDC keynote, Apple unveiled a slew of headline features like Liquid Glass, a new Games app, and Visual Intelligence, as well as two major spam protection tools coming to iOS 26 this fall. While I was a little disappointed in the lack of new security or even privacy features, these new tools will change the game for users who receive annoying spam calls and messages on the daily. Here’s how they work.

Today, Apple confirmed (via TechCrunch) that a zero-day flaw used to deploy mercenary spyware onto journalists’ iPhones was quietly patched earlier this year, with the iOS 18.3.1 update.

I bet nobody had ‘Meta arguing for privacy on Apple’s behalf’ on their tech bingo cards, but that’s exactly what the social networking company is hoping to do.

Meta has asked the court’s permission to give evidence in support of Apple’s privacy battle with the British government over a feature intended to apply end-to-end encryption to almost all iCloud data …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

We’re officially just over a week away from WWDC 2025. While we expect big design enhancements and much-needed Apple Intelligence improvements to iOS, Apple has the opportunity to do something it’s quite good at: flexing its privacy prowess.

An update to T-Mobile’s T-Life app is rolling out at present, and customers are finding that it has screen recording on by default.

The carrier has confirmed that this is by design, but claims that it’s not a privacy risk, and says that it can be toggled off if desired …

Apple introduced app privacy labels to help people better understand what data an app may collect, including what data is linked to them or used to track them across the web. When released back in 2020, the labels set a precedent in the industry and were a major first step in raising awareness of privacy-invasive apps. It became easy for users to compare something like Signal, which collects virtually no user data at all, and Facebook Messenger, which gobbles up anything and everything it can. The feature set out to help users make informed downloads.

However, in recent years, I have seen a growing conversation around whether these entirely self-reported labels located further down on the application’s App Store page still impact the user’s decision before hitting “Get” to install.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Apple login credentials were among a massive database of 184 million records found sitting unprotected on a web server. Other logins included Facebook, Google, Instagram, Microsoft, and PayPal.

The owner of the database is unclear, but the security researcher who discovered it says that it amounts to “a cybercriminal’s dream working list” …

A Coinbase hack has seen some customers tricked into sending funds to the attackers, with the company estimating that they suffered losses of somewhere between $180M and $400M.

The attackers also stole personal data, after Coinbase refused to pay a ransom demand – instead reporting the hack to law enforcement, and offering a $20M reward for information on the perpetrators …

Data brokers may be banned from selling your personal data without legitimate justification, under a new proposal by the Consumer Financial Protection Bureau (CFPB). Back in the summer it was revealed that one of these brokers was hacked, resulting in the compromise of personal data for every person in the US, UK, and Canada.

Update: With the CFPB being neutered by the Trump administration, plans for this protection have been killed. Original post follows …

Apple has updated the AppKit documentation to inform developers about a significant change coming to the macOS pasteboard, the system-level mechanism for transferring data between applications and Apple devices.

Here’s how it’s going to work:

Reddit has announced plans to fight back after a large-scale AI fraud was carried out against users of the highly popular Change My View subreddit.

However, the company’s plans to take to fight AI bots may not be popular with users, as it could compromise the platform’s long-standing approach to privacy …

If you used Siri between 2014 and 2024, and the voice assistant was ever activated by something random you said, you may be entitled to a cut of a payout from Apple.

Apple agreed back in January to settle a class action privacy lawsuit for unintended Siri activations between September 17 2014 and December 31 2024, and US residents can now register a claim …

The Android and iPhone spyware company NSO has suffered a major defeat in a US court, after a judge ruled that the company must hand over its Pegasus code to Meta.

Update: NSO was yesterday ordered to pay Meta more than $167M in damages for the attack. It’s the latest setback for the company, which has been blacklisted in the US, sued by Apple, seen victims alerted by the iPhone maker, and faced severe financial problems …

Apple has notified iPhone users in 100 countries that their devices have been infected with spyware, implying that it may be NSO’s Pegasus.

The company has warned victims to take it seriously, and to immediately take a number of security actions in response. One of the recipients has shared almost the entire message, the first time I can recall seeing more than a brief excerpt …

Meta’s encrypted messaging app WhatsApp will use an approach pioneered by Apple to add AI capabilities without compromising privacy.

The company has announced that it will use tech it calls Private Processing, which appears to exactly replicate Apple’s Private Cloud Compute …

Over the weekend, a buzzy story gained traction across several publications. It seemingly started with this New York Post article. The basic message: “Apple warns users to delete Chrome from their iPhones immediately.” If true, that would indeed be huge news. But the real details are more complicated and nuanced.

WhatsApp users have expressed frustration at the fact that there is no way to remove the new Meta AI chatbot feature from the messaging app, raising concerns that the company is seeking to use their private chats to train the bot.

Meta says the AI chatbot can’t read messages unless one of the chat participants chooses to share it, but adds that the company is “listening to feedback” from users …