- Apple introduced a new feature to protect mail privacy in iOS 15, but it does not seem to apply to Apple Watch products.
- The Mail Privacy Protection feature is supposed to hide the user's IP address and download remote content privately in the background.
- Both the Mail app and the notification previews on Apple Watch use real IPs, undermining the feature's overall security on the user's other Apple devices.
The Mail Privacy Protection provided by Apple for iOS 15 devices is a great feature for users, but the fact that it does not cover the Apple Watch poses a security issue and compromises this feature's overall protection. Apple announced this feature for iOS 15, iPadOS 15, and macOS Monterey only.
However, researchers Talal Haj Bakry and Tommy Mysk discovered that since the feature does not work on the Apple Watch's Mail app, the wearable exposes the real IP of the recipient and thus compromises the overall privacy provided by Mail Privacy Protection across the user's iOS 15 iPhone, iPad, and Mac.
The Watch can download remote content (such as images) using the recipient's real IP address, both when receiving a notification and when opening an email, which bypasses the Mail Privacy Protection enabled on the other Apple devices.
This feature can be enabled in Settings > Mail > Privacy Protection, and it routes content downloaded by the Mail app through proxy servers and hides the user's IP address, making it harder for senders to follow the recipient's email activity such as whether they opened a received email.