Executive Summary
Lumia’s Research Team revealed that messages dictated via Siri, including WhatsApp and iMessage are not sent to the Private Cloud Compute. In fact, there is no assurance as to what Apple does with these messages.
Siri transmits metadata about installed and active apps without the user’s ability to control these privacy settings.
Audio playback metadata such as ‘recording names’, is sent without consent. No user control or visibility exists over these background data flows.
Apple uses two distinct privacy policies (Siri vs. Apple Intelligence), meaning similar queries may fall under different data-handling rules.
TL;DR
We reveal AppleStorm, our investigation into how Apple AI’s eco-system quietly transmits messages (WhatsApp, iMessage) sent via Siri to Apple servers, even when it isn’t needed to complete the task. This happens without the user having any control whatsoever over when and what can be sent.Also more data than messages is sent to Siri’s servers. Let’s deep dive.
Introduction
Lately, Apple’s AI has been making headlines. From promising robust security measures to developing localized models that process data directly on devices, Apple has positioned itself as a champion of privacy and productivity.
How safe are these innovations? Despite the numerous advancements, recent news has highlighted critical concerns about Apple’s AI suite. A lawsuit regarding Siri eavesdropping, settled last January, raises questions about user privacy. More recently, allegations surfaced that Apple Intelligence generated false notifications, including a summary of BBC news with inaccurate information on behalf of the BBC.
... continue reading