Mail on Apple Watch doesn't use Mail Privacy Protection, leaks IP addresses

What you need to know

  • Mail Privacy Protection prevents email senders from getting your IP address, even when you load remote content like images.
  • A new test appears to show that Mail on Apple Watch does not use Mail Privacy Protection.

It's currently unclear whether this is a bug or if Mail is working as designed.

New research appears to show that the Apple Watch Mail app is leaking people's IP address even when they have Mail Privacy Protection enabled.

When Apple released iOS 15 one of the new privacy features was something called Mail Privacy Protection. That includes a few things, but one facet is Apple's ability to route the downloading of remote images via its proxy network to hide your real IP address. That prevents email senders from getting it, and it's a good thing. But a new test appears to show that Mail Privacy Protection doesn't extend to Apple Watch.

Here's how Apple describes Mail Privacy Protection.

In the Mail app, Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. The new feature helps users prevent senders from knowing when they open an email, and masks their IP address so it can't be linked to other online activity or used to determine their location.

For a number of years, Intelligent Tracking Prevention has helped protect Safari users from unwanted tracking by using on-device machine learning to stop trackers while allowing websites to function normally. This year, Intelligent Tracking Prevention is getting even stronger by also hiding the user's IP address from trackers. This means they can't utilize the user's IP address as a unique identifier to connect their activity across websites and build a profile about them.

However, Tommy Mysk was able to send themselves an email with an image in it and then track the IP address used to download it. The IP address was their real one, not a random one assigned by Apple.

It isn't immediately clear whether this is a bug or if Mail is working as designed. Apple's documentation about Mail Privacy Protection isn't clear as to whether watchOS 8 is included — we've reached out to Apple for confirmation.