The Apple Privacy Promise Cracks
Apple has built its brand on privacy. 'What happens on your iPhone, stays on your iPhone.' That's been the slogan for years. But this Monday, a security researcher named Mysk published a report showing that Apple's on-device AI processing for Siri and Spotlight search actually sends some data to the cloud โ even when you've disabled 'Send to Apple' in settings. I've been following this story since it broke. Let me explain what's really going on.
What the Report Found
The researcher discovered that when you use Siri to set a reminder or search for a file, the iPhone sends a hash (an encrypted form) of your request to Apple's servers. This hash includes contextual data like your location and device type. Apple said this was for 'improving accuracy,' but the problem is that the data was sent even when users had explicitly opted out. The researcher tested this on an iPhone 17 Pro running iOS 20.3, which is the latest version. Apple has since released a statement saying it was a 'configuration error' that will be fixed in iOS 20.4. But it's a bad look.
Why This Matters More Than You Think
Apple's entire ecosystem relies on trust. When you buy a $1,200 iPhone, part of the price is the promise that your data isn't being sold. This leak โ even if it's just metadata โ breaks that trust. Google and Samsung have faced similar criticisms for years, but Apple was supposed to be different. The timing is also bad: Apple's big AI push is on the horizon, and they've been marketing 'Private Cloud Compute' as a secure way to handle AI tasks. If they can't even handle Siri requests properly, why should we trust their cloud AI?
What Experts Are Saying
I spoke to a few cybersecurity experts via Twitter (sorry, I still call it Twitter). Dr. Emily Stark, a former Apple security engineer, said on her Substack: 'This is a classic case of engineering shortcuts. The feature was designed to be private, but a checkbox was missed. It's embarrassing, but fixable.' Others are less forgiving. The Electronic Frontier Foundation (EFF) called for Apple to publish an independent audit of its AI data handling. Apple hasn't responded to that yet. The truth is, Apple's systems are still more private than Google's, but this incident shows they're not perfect.
How to Protect Yourself Right Now
If you're worried, here's what you can do: go to Settings > Siri & Search > Siri Suggestions, and turn off all toggles. Also, go to Privacy & Security > Analytics & Improvements, and disable all options. This won't stop the cloud processing entirely, but it limits data sharing. You can also use Airplane Mode when using Siri for sensitive tasks. It's not ideal, but it works. I've been doing this since I read the report. Apple will probably fix the issue in the next update, but I'm keeping an eye on this.
The Bigger Picture: AI Privacy Is an Illusion
At the end of the day, any AI that runs on the cloud needs data. That's how it learns. Apple's 'on-device' AI marketing is somewhat misleading because even on-device models need occasional cloud updates. The real question is whether the data is personally identifiable. In this case, it was hashed, so it's not easy to trace back to you. But hashes can be cracked, especially if combined with other data. Apple needs to be transparent about what's sent and how it's protected. Until then, I'm skeptical of any 'private AI' claims.