It can be Apple to constantly advertise that safety The privacy of its users is its main concern, but that does not mean that it does not make mistakes. And the last one was discovered by a security investigator, digital assistant of the company, Siri.
Apple technology expert Bob Gendler tested the macOS operating system to understand more about how Apple trains and customizes Siri for each user. During his investigation, he found that operating system stores segments e-mail users in plain text, even when they are supposed to be encrypted.
As Gendler said in his post, Apple uses a system process called suggestd, a program that is constantly running, gathering content from various applications. These include Spotlight, Mail and Messages. By collecting this information, he or she better understands what everyone likes user to introduce him to the topics that interest him.
When it collects this information, it saves it to the file snippets.db inside the folder MacOS suggestions. Suggestd saves plain text even emails that are encrypted with mail extension Secure / Multipurpose (S / MIME), a technology that uses public and private keys to protect emails.
Although an attacker will need full access to the disk with system files to view this information, as MacOS protects them with System Integrity Protection, there are cases when users need to disable the function. According to Gendler, any program with full disk access on macOS could potentially collect data, such as Apple's Finder (the equivalent of Windows File Explorer).
What can you do
Simply disabling Siri will not help, as it is still running in the background. Instead, you can manually enter a command in your terminal window (you do not need to have root access to do so):
defaults write com.apple.suggestions SiriCanLearnFromAppBlacklist -array com.apple.mail
If you want to immediately stop Siri access to applications you, go to System Preferences and then on Siri. Click on About Siri & Privacy and then remove all your applications in turn.
Gendler also provides a larger one script, which you can run to disable Apple Mail tracking by Siri.
It should be noted that it is not so easy for an intruder to access the system tray, however it is preferable to be covered in any case.
Apple has stated that it is aware of the problem and intends to address it in a future software update.