New iPhone Mirroring feature can potentially compromise your privacy at work

Apple’s latest iPhone Mirroring feature, introduced with macOS 15.0 Sequoia and iOS 18, has raised significant privacy concerns. According to a report from Sevco Security, this new feature could inadvertently expose personal information from employees’ iPhones to their employers when used on work computers.

The issue lies in how iPhone apps are treated when mirrored onto a Mac. Sevco discovered that personal iOS apps mirrored from an employee’s phone are logged in corporate software inventories as if they were native Mac applications. This means that during corporate IT audits or software compliance checks, these personal apps become visible to the company.

For employees, the risk is substantial. Sevco discovered that personal iOS apps mirrored from an employee’s iPhone are logged on the Mac in the following directory:

/Users/<user>/Library/Daemon Containers/<uuid>/Data/Library/Caches/<app_name>

This means that personal apps could be exposed to employers during corporate IT audits or software compliance checks, as they are treated like native Mac applications.

This could reveal sensitive personal information, such as VPN usage in restrictive countries, health-related apps, or dating apps that may expose details employees prefer to keep private. Although no app data is shared, the visibility of certain apps could lead to unintended consequences.

The privacy bug also presents legal challenges for companies. By unknowingly collecting personal data from employees’ devices, businesses could violate major privacy laws such as the California Consumer Privacy Act (CCPA) or the General Data Protection Regulation (GDPR) in Europe. This could lead to litigation, regulatory fines, and other enforcement actions.

Sevco has advised businesses to instruct employees not to use iPhone Mirroring on work Macs until a fix is available. They also recommend that companies review their IT systems to ensure they’re not inadvertently collecting personal data through this feature.

The security firm stated that Apple has acknowledged the bug and is actively working on a solution. Although security firms like Sevco typically wait for a patch before making an announcement, they decided to disclose this issue early due to its rapid spread. Sevco highlighted that the most effective defense at the moment is awareness, both from companies and individuals.

Until Apple releases an update, Sevco suggests that employees avoid using iPhone Mirroring on work machines. Businesses should also purge any private data inadvertently collected through this feature to reduce liability. With Apple expected to patch the issue soon, both companies and individuals need to stay alert to avoid further privacy risks.