Here’s Why This Security Firm Says Not to Use iPhone Mirroring on Your Work Mac
Apple’s new macOS Sequoia operating system includes a popular new feature called iPhone Mirroring, which provides a convenient way to access your iPhone from your work Mac, but should you be using the new feature on your work computer?
“No,” says security firm Sevco. The firm says it has uncovered a significant privacy risk that should make users think twice before using the feature on a company Mac, at least until the issue has been fixed.
According to a new blog post by Sevco, using the feature at work could expose the apps on an employee’s personal iPhone to their corporate IT department.
For iPhone users, this Apple bug is a major privacy risk because it can expose aspects of their personal lives that they don’t want to share or that could put them at risk. This could include exposing a VPN app in a country that restricts access to the internet, a dating app that reveals their sexual orientation in a jurisdiction with limited protections or legal consequences, or an app related to a health condition that an employee simply does not want to share. The consequences of such data exposure may be severe.
The core issue lies in how iPhone Mirroring interacts with the macOS file system and metadata. When a user activates the feature on their Mac, it creates “app stubs” for iOS apps in a directory on the Mac called “/Users//Library/Daemon Containers//Data/Library/Caches/” which contain metadata about the apps on the iPhone, including app names, icons, versions, dates, and descriptions of the files. While the app’s executable code is not included, the information is enough to allow macOS to treat them as installed applications.
A problem could rear its ugly head in a corporate setting, as many of the IT management and security tools that large organizations use scan Macs for installed software. Often, the tools will use the macOS metadata system, which will now include the metadata from the iPhone’s apps. This means a user’s personal iPhone apps can show up in the organization’s software inventory.
Sevco demonstrated the issue using the “mdfind” macOS command line tool, which uses the macOS Spotlight search subsystem, by entering the following commands in a Terminal window, first on a Mac without the iPhone Mirroring feature enabled, then on the same Mac with the feature turned on:
mdfind "kMDItemContentTypeTree == com.apple.application" | grep Daemon
In a Terminal window that’s been granted full disk access on a Mac without iPhone Mirroring set up, the command returns a typical list of macOS applications. However, when the same commands are executed in that same Terminal window after iPhone Mirroring is enabled, it also provides a list of the user’s personal iOS apps and metadata.
This means that apps that employees use privately on their iPhones could become visible to their organization’s IT department without their knowledge or consent. While no actual personal information contained in those apps would be included, the list itself could expose sensitive private details about a person’s life based on the dating and health-related apps they use, or reveal VPN use in countries that heavily restrict their citizens’ internet access.
Sevco has alerted Apple, and the Cupertino firm is reportedly working on a fix. However, until a patch is released, Sevco recommends that employees avoid using iPhone Mirroring on their work Macs. Companies are also advised to temporarily disable the feature on corporate devices until a fix is made available and implemented.
Companies should also identify any enterprise IT systems that collect Mac software inventories and work with their vendors to lessen the risk until a patch is made available.
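As an added example (not Sevco's or Apple's code), the shell functions below show one way an inventory collector could drop iPhone Mirroring stubs from an mdfind-style path list and report only how many were dropped. The path pattern assumes the directory layout quoted above, and the user name, container ID and app names in the sample are constructed.

```shell
#!/bin/sh
# Added example: keep iPhone Mirroring app stubs out of a Mac software inventory.
# Assumption: stubs sit under the directory layout quoted in the article,
#   /Users/<user>/Library/Daemon Containers/<container>/Data/Library/Caches/
# with <user> and <container> each a single path component.
STUB_RE='^/Users/[^/]+/Library/Daemon Containers/[^/]+/Data/Library/Caches/'

# is_mirroring_stub PATH: succeeds if PATH lies inside the stub cache directory.
is_mirroring_stub() {
  printf '%s\n' "$1" | grep -Eq "$STUB_RE"
}

# filter_inventory: paths on stdin, one per line; prints only non-stub paths.
filter_inventory() {
  grep -Ev "$STUB_RE" || true   # grep exits 1 when nothing is left; not an error
}

# count_stubs: prints how many stub entries were seen, without their names,
# so exposure can be measured without recording personal app names.
count_stubs() {
  grep -Ec "$STUB_RE" || true
}

# mac_app_inventory: the article's Spotlight query, minus the stubs (macOS only).
mac_app_inventory() {
  mdfind "kMDItemContentTypeTree == com.apple.application" | filter_inventory
}

# Constructed sample of query output; user, container ID and app names are made up.
sample_paths() {
  cat <<'EOF'
/Applications/Safari.app
/System/Applications/Utilities/Terminal.app
/Users/alice/Library/Daemon Containers/CONTAINER-ID-PLACEHOLDER/Data/Library/Caches/ExampleDating.app
/Users/alice/Library/Daemon Containers/CONTAINER-ID-PLACEHOLDER/Data/Library/Caches/ExampleVPN.app
/Users/alice/Applications/Editor.app
EOF
}

echo "Inventory after filtering:"
sample_paths | filter_inventory
echo "Stub entries dropped: $(sample_paths | count_stubs)"
```

On a Mac, `mac_app_inventory` runs the same Spotlight query as the article and passes the result through the filter before anything is stored.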