Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label siri. Show all posts
siri
Apple Apple Intelligence Cloud Computing Data collection encrypted communications Privacy siri

Research Raises Concerns Over How Apple’s Siri and AI System Handle User Data

 



Apple’s artificial intelligence platform, Apple Intelligence, is under the spotlight after new cybersecurity research suggested it may collect and send more user data to company servers than its privacy promises appear to indicate.

The findings were presented this week at the 2025 Black Hat USA conference by Israeli cybersecurity firm Lumia Security. The research examined how Apple’s long-standing voice assistant Siri, now integrated into Apple Intelligence, processes commands, messages, and app interactions.


Sensitive Information Sent Without Clear Need

According to lead researcher Yoav Magid, Siri sometimes transmits data that seems unrelated to the user’s request. For example, when someone asks Siri a basic question such as the day’s weather, the system not only fetches weather information but also scans the device for all weather-related applications and sends that list to Apple’s servers.

The study found that Siri includes location information with every request, even when location is not required for the answer. In addition, metadata about audio content, such as the name of a song, podcast, or video currently playing, can also be sent to Apple without the user having clear visibility into these transfers.


Potential Impact on Encrypted Messaging

One of the most notable concerns came from testing Siri’s dictation feature for apps like WhatsApp. WhatsApp is widely known for offering end-to-end encryption, which is designed to ensure that only the sender and recipient can read a message. However, Magid’s research indicated that when messages are dictated through Siri, the text may be transmitted to Apple’s systems before being delivered to the intended recipient.

This process takes place outside of Apple’s heavily marketed Private Cloud Compute system, the part of Apple Intelligence meant to add stronger privacy protections. It raises questions about whether encrypted services remain fully private when accessed via Siri.


Settings and Restrictions May Not Prevent Transfers

Tests revealed that these data transmissions sometimes occur even when users disable Siri’s learning features for certain apps, or when they attempt to block Siri’s connection to Apple servers. This suggests that some data handling happens automatically, regardless of user preferences.


Different Requests, Different Privacy Paths

Magid also discovered inconsistencies in how similar questions are processed. For example, asking “What’s the weather today?” may send information through Siri’s older infrastructure, while “Ask ChatGPT what’s the weather today?” routes the request through Apple Intelligence’s Private Cloud Compute. Each route follows different privacy rules, leaving users uncertain about how their data is handled.

Apple acknowledged that it reviewed the findings earlier this year. The company later explained that the behavior stems from SiriKit, a framework that allows Siri to work with third-party apps, rather than from Apple Intelligence itself. Apple maintains that its privacy policies already cover these practices and disagrees with the view that they amount to a privacy problem.

Privacy experts say this situation illustrates the growing difficulty of understanding data handling in AI-driven services. As Magid pointed out, with AI integrated into so many modern tools, it is no longer easy for users to tell when AI is at work or exactly what is happening to their information.




Read more »
Subscribe to: Posts (Atom)