If you’re interested in using Apple’s new iPhone mirroring for work, you might want to hold off for now. Cybersecurity software provider Sevco Security could expose apps running on iPhones, including personal ones, to employers, as detailed in a report released Tuesday. I discovered a privacy flaw.
Introduced in iOS 18 and MacOS 15 Sequoia, iPhone Mirroring lets you wirelessly view, access, and control your iPhone from your Mac. This feature is useful because it allows you to use your Mac’s trackpad and keyboard to control your iPhone and open various apps. However, using mirroring at work can pose privacy issues.
Related article: 3 iPhone settings I changed to deter thieves – What to do if your phone gets stolen
Many large companies and other organizations maintain an inventory of applications installed on their employees’ computers. This helps support asset management and security measures. This type of inventory is typically limited to programs on your computer and does not include apps on your mobile device.
However, Sevco’s research shows that any iPhone apps you access on your Mac through iPhone mirroring are tracked in your employer’s inventory database. This includes work-related and personal apps, especially if the iPhone is yours. This means your employer can see what apps you use on your phone.
Related article: How to use your iPhone’s emergency satellite feature if you lose cell phone coverage
In its report, Sevco explained how this could impact its employees.
“For iPhone users, this Apple bug is a significant privacy risk because aspects of their private lives that they don’t want to share could be exposed or put at risk,” Sevco said. “This includes the publication of VPN apps in countries with restricted internet access, and the release of dating apps that reveal sexual orientation in jurisdictions with limited protection or legal repercussions. This could include publishing apps that employees simply don’t want to share.
But employers themselves may also be at risk.
Related article: Internet Archive breach compromises 31 million accounts – what you need to know
“For businesses, this bug means new data responsibilities due to the possibility of collecting personal data of employees,” Sevco added. “If this bug is not resolved, it could lead to violations of major privacy laws such as the CCPA (California Consumer Privacy Act), potential litigation, and enforcement by federal agencies.”
Sevco notified Apple about the bug, and Apple said it had identified the cause and is currently working on a fix. The company also warned customers that the issue could result in their employees’ personal information being collected and even accessed.
Also, my biggest regret is updating my iPhone to iOS 18 (and I’m not the only one).
“Although app data is not shared, the mere presence of certain apps, such as health services or dating services, could potentially expose sensitive personal information,” said Jason Soroko, a senior fellow at certificate lifecycle management firm Sectigo. “There is,” he told ZDNET. “What is being shared is metadata about the presence of the application on the mirrored iPhone. This issue occurs because the mirroring feature does not properly separate personal app metadata from the corporate software inventory. I will.”
Until Apple resolves this issue, Sevco recommends that you avoid using iPhone mirroring on your work computer. Companies should also alert employees to avoid using this feature and identify which IT systems collect software inventory from Macs. Once the issue is resolved, employers must also remove the employee’s personal data from their inventory to prevent the risk of liability.
