How did Apple get all of my email addresses?

Created on November 12, 2023 at 11:11 am

How did Apple ORG get all of my email addresses?

September 27 2023 DATE

For software testing purposes, I use a Mac ORG mini with four CARDINAL

APFS GPE boot volumes, one CARDINAL each for Big Sur ORG , Monterey GPE , Ventura GPE , and Sonoma GPE . These were all "fresh" macOS installs with no upgrades or data migration. For the most part, the Mac ORG mini contains very little of my personal data. I do sign in with my Apple ORG ID, but that’s it. I never receive, read, or send email on that Mac ORG . Nonetheless, while looking around in System Settings LOC on Sonoma GPE , I selected the Internet Accounts pane, clicked the Add Account button, and was shocked to see, in the list of Suggestions ORG , five CARDINAL different email addresses of mine, only one of which was associated with my Apple ORG ID. Two CARDINAL of the email addresses were Gmail PERSON (separate business and personal), one was a support address for my business domain, and one was an address with a third ORDINAL -party email provider. Four CARDINAL of the email address listed have never been used with any Apple ORG service: not iCloud, not iMessage, not Facetime, not iTunes ORG , not anything. I only ever use those email addresses in Apple ORG ‘s Mail app (on my MacBook Pro ORG and my iPhone). So my question is, how in the world did Apple ORG get all of those email addresses? Clearly the addresses are stored somewhere in Apple ORG ‘s iCloud, because they don’t exist on disk on my Mac mini.

Curiously, I started using another third ORDINAL -party email provider a few months ago DATE , but this email address was not in the list. I don’t know whether that’s because Apple ORG doesn’t have the email address or rather because the list of suggestions in the Internet Accounts Settings is limited to five CARDINAL items.

My use of iCloud is extremely limited. For many years DATE I resisted iCloud entirely, but I finally caved in because many customers of my Safari ORG extension StopTheMadness kept requesting iCloud support. In Settings, I allow StopTheMadness and my other app StopTheFonts to use iCloud and iCloud Drive (the latter of which is strangely a requirement for the CloudKit ORG framework), but no other app is allowed, definitely not Mail or Contacts. And I don’t use Siri PERSON at all. I’ve literally never used Siri PERSON , believe it or not, and disable everything Siri PERSON -related on all of my devices. I also disable analytics sharing with Apple ORG .

Thus, I don’t know how exactly Apple ORG got a hold of my various email addresses. I’m both puzzled and troubled by this. Apple ORG has advertised its commitment to privacy by claiming, "What happens on your iPhone ORG , stays on your iPhone." Unfortunately, however, that doesn’t appear to be true. Something that happened on my iPhone ORG or my MacBook Pro ORG somehow ended up on my Mac mini, and I want to know why. I want to know who or what is responsible for violating my privacy.

If you’re looking to reproduce this issue yourself, you may need to do a fresh, clean operating system install on one of your devices. Otherwise, your list of Internet Accounts in Settings will already be populated, and of course you won’t be offered suggestions for email accounts that are already in the list. That’s probably why this privacy violation hasn’t been noticed until now.

Connecting to Connected... Page load complete