Apple

Apple belatedly confirms bug that harvested audio recordings from iPhone users

Apple belatedly confirms bug that harvested audio recordings from iPhone users

02/15 Update below. This article was originally published on February 11

Apple has had a lot of success lately, including its latest iOS updates. But the company has now given its 1.5 billion iPhone and iPad users worldwide a good reason to leave.

MORE FORBESThe Biggest iPhone Hack of All Time Wasn’t Alone

The revelation comes from a statement to ZDNet, which inadvertently reveals that Apple had been harvesting voice recordings from iPhone and iPad owners without permission for months. And the only reason we know about it is that a new iOS 15.4 beta has given the game away.

Update 2/15: I contacted Apple and asked the following questions:

  1. Why was the iOS 15.2 patch excluded from the official release notes?
  2. How long after the release of iOS 15 did Apple discover this bug?
  3. Has Apple contacted affected users?

Today, Apple informed me that it would not comment on any of these points.

Update 2/12: ZDNet has posted a correction to its original story. The site writes that “An earlier version of this story stated that the bug was fixed in iOS 15.4, but it was actually fixed in iOS 15.2.” This is an important clarification that puts Apple’s actions in a more positive light, but only partially.

While the company should be credited with acting quicker than initially thought (two months after the user’s audio was wrongly shared with Apple, instead of five months), it doesn’t. does nothing to absolve the company’s lack of transparency on this issue. After learning that user audio was recorded without permission and sent to Apple servers, the only acceptable action was for Apple to be transparent and communicate to users what happened. Bug or not, the error represented a clear breath of fresh air on user privacy. As it stands, on several occasions Apple has now had access to its users’ audio recordings without their permission (details below) and each time Apple must have been caught off guard before admitting what had happened.

What happened?

In short: Upon installing iOS 15.4 beta 2, users are prompted whether or not they want to agree to submit audio recordings captured by their device (mostly using Siri) to Apple to help improve the service. This seemed odd as users were already prompted to submit preferences back in 2019 when iOS 13.2 introduced this option. But then Apple belatedly filled in the gaps.

Explaining the prompt to ZDNet, Apple revealed, “With iOS 15.2, we disabled the Enhance Siri and Dictation setting for many Siri users while we fixed a bug introduced with iOS 15. This bug inadvertently enabled the Enhance Siri and Dictation setting for many Siri users. parameter for a small part of devices. Since identifying the bug, we have stopped investigating and are removing received audio from all affected devices.”

And the timeline is a real issue here. iOS 15 was released on September 20, 2021. iOS 15.2 was released on December 13, 2021 and the first time users were notified of this privacy breach was five months later. Apple did not provide the information when the bug was first discovered, did not notify affected customers, and made no mention of it in the iOS 15.2 or iOS 15.4 release notes.

As for a “small proportion”, while Apple declined to give a figure, one should understand the scale of active iPhone and iPad users worldwide. For example, just 1% still equals 16,500,000 users.

Why You Might Want to Quit Apple Devices

But why should that make you want to leave? Because this is not the first time that Apple lacks transparency with the voice recordings of users. It’s not even the second. Here is the backstory:

In July 2019, the British newspaper The Guardian revealed that Apple was secretly employing contractors to listen to and “evaluate” audio from iPhone and iPad owners that was recorded without their knowledge. The contractors “regularly” heard confidential information, including medical details, drug transactions and recordings of couples having sex.

In response, Apple issued a full apology, admitting “we have not fully lived up to our high ideals” and the company rolled out the iOS 13.2 opt-in/out update. Apple was not alone, similar scandals were also exposed to Amazon, google and Facebook.

But almost a year later, The Guardian reported that nothing had changed. Whistleblower Thomas le Bonniec, one of the contractors employed to listen to and grade the audio recordings, wrote to data protection regulators saying Apple “continues to ignore and violate fundamental rights and continues to collect massive amount of data”.

“I listened to hundreds of recordings every day, from various Apple devices,” Bonniec said. “These recordings were often made without any activation of Siri, for example within the framework of a real intention of the user to activate it for a request. These treatments were carried out without the knowledge of the users and were gathered in data sets to correct the transcription of the recording made by the device.

“Registrations were not limited to users of Apple devices, but also involved parents, children, friends, colleagues and anyone who could be registered by the device. The system recorded everything: names, addresses, messages, searches , arguments, background noises, movies and conversations I have heard people talk about their cancer, refer to deceased relatives, religion, sexuality, pornography, politics, school, relationships or drugs without any intention of activating Siri.

In this context, it is surprising to learn that a third case of unsolicited user audio recordings (accidental or not) has again caused Apple to remain silent until its own beta software exposes the situation.

As respected MacRumors writer Juli Clover exclaimed: “So Apple was aware of this as early as iOS 15.2 and told us nothing.”

What to do next

For some, this latest transgression will be a step too far while others will dismiss it because Apple can’t be wrong. Regardless of your position, I would strongly advise all affected iPhone and iPad owners to make the following changes:

  1. Settings > Privacy > Analytics and Improvement > Improve Siri and Dictation — Check that it is switched off
  2. Settings > Siri & Search > Siri History – faucet ‘Delete Siri and Dictation History‘.

To enable other restrictions, such as revoking location tracking and integrating third-party apps with Siri, read Apple Ask Siri, dictation and privacy page.

___

Follow Gordon on Facebook

Learn more about Forbes

The Biggest iPhone Hack of All Time Wasn’t Alone

Apple’s model numbers for new iPhone and iPads leaked