Apple Watch Doesn’t Use Mail Privacy Protection

Security researchers have discovered that the Apple Watch’s email app doesn’t use Apple’s new Mail Privacy Protection feature.

On Monday, the researchers and developers behind the Twitter account @mysk_co shared that they discovered a new issue with the Mail app on the Apple Watch. According to them, when previewing or opening email on the Apple Watch, the app downloads remote content using your real IP address instead of the protected address provided by Mail Privacy Protection.

Apple originally introduced Mail Privacy Protection with the release of iOS 15, saying the feature will protect your location, prevent senders from tracking you, and also stop marketers from checking whether you've opened an email or not.

"Mail Privacy Protection helps protect your privacy by preventing email senders from learning information about your Mail activity. When you turn it on, it hides your IP address so senders can't link it to your other online activity or determine your location. It also prevents senders from seeing if you've opened the email they sent you," Apple explains in its support documents.

To test their discovery, the researchers hosted an image on their server and embedded it into an email. They found that the Mail app on Apple Watch downloaded remote content using their real IP address instead of using the multiple proxies Mail Privacy Protection says it uses.

It’s unclear if this is intended or if the feature is somehow bugged on the Apple Watch. We’ve reached out to Apple for comment but have received no response.