Can You Hear Me Now? - A Brief Analysis Of iOS & iPadOS First Party App Privacy Practices


Over the past couple of months, I've been researching first party app privacy practices on iOS and iPadOS (tested on 14.4 - 15.1) and determined that a number of apps such as Siri, FaceTime and Translate do not honour the restrict microphone permission in Settings > Screen Time > Content & Privacy Restrictions > Microphone

*** Note that Siri and FaceTime can be disabled system wide in Settings > Screen Time > Content & Privacy Restrictions > Allowed Apps ***


To illustrate this, I downloaded comparable third party apps and tested whether they were allowed access to the microphone as permitted by first party apps.

Amazon Alexa vs. Siri

I downloaded the Amazon Alexa app from the App Store and once opened was shown the following message when attempting to access the microphone:


Amazon-Alexa

I then opened Siri and access to the microphone was granted without prompting.

Zoom vs. FaceTime

I downloaded the Zoom app from the App Store and once opened was shown the following message when attempting to access the microphone:


Zoom

I then opened FaceTime and access to the microphone was granted without prompting.

Microsoft Translator vs. Translate

I downloaded the Microsoft Translator app from the App Store and once opened was shown the following message when attempting to access the microphone:


Microsoft-Translator


I then opened the Apple Translate app and access to the microphone was granted without prompting.


I notified the Apple Product Security team about this issue on March 12, 2021


-October 25, 2021

Info-Sec.CA