Apple says your AirPods Pro 2 are just headphones that respect your privacy. In reality, they contain always-on microphones that continuously analyse every sound around you — detecting when you speak, classifying background noise, and tracking your head movements. The earbuds process audio 48,000 times per second. This is not disclosed when you buy them or in prominent marketing. To use Spatial Audio, Apple scans the unique shape of your ears using your iPhone's face-scanning camera — creating a biometric map of your body. Apple says this data stays on your device, but the earbuds connect to Apple's metrics and health servers, and there is no way to independently verify the data isn't transmitted.
What they claim: Apple's privacy policy states that audio processing occurs on-device: "Health app features use your data on your device." Apple marketing positions AirPods Pro 2 as simple wireless headphones with privacy-by-design.
What we found: Firmware analysis reveals dual beamforming microphones are continuously active for ANC, Adaptive Transparency (processing 48,000 times/second), and Conversation Awareness (on-device ML detecting human speech). The H2 chip continuously analyses ambient audio to classify sounds and detect speech onset. While processing may be on-device, the device is functionally an always-on audio surveillance sensor — a capability never disclosed in marketing materials or prominently in the privacy policy. Firmware endpoints include metrics.apple.com and metrics.icloud.com, confirming telemetry transmission.
What they claim: Apple claims Personalised Spatial Audio ear geometry data is "processed on-device and not sent to Apple servers." Privacy policy emphasises on-device processing and data minimisation.
What we found: Personalised Spatial Audio requires a TrueDepth camera scan of the user's ear canal geometry — creating a biometric 3D map of a uniquely identifying body part. While Apple claims on-device processing, the firmware connects to health-evidence.apple.com, metrics.apple.com, and metrics.icloud.com. There is no independent verification that ear geometry biometrics are never transmitted. The FCC filing (BCG-A2699) certifies 5GHz UNII band capability (5180-5240 MHz, 5745-5825 MHz) in addition to Bluetooth — raising questions about what data requires Wi-Fi-class bandwidth from earbuds marketed as Bluetooth devices.
What they claim: AirPods Pro 2 marketed as consumer headphones. FCC filing classifies them as "Wireless Earbuds" (BCG-A2699).
What we found: Since October 2024 (iOS 18.1), AirPods Pro 2 function as FDA-cleared over-the-counter hearing aids, processing clinical-grade audiogram data — sensitive medical biometric information revealing the specific frequencies and decibel levels at which a user's hearing degrades. This health data is stored in Apple Health and syncs to iCloud. The device was originally FCC-certified as simple "Wireless Earbuds" in September 2022, but now processes medical-grade health data that was never contemplated in the original regulatory filing. No updated FCC filing addresses the medical device capabilities.
What they claim: Apple's privacy policy emphasises security: "Apple is committed to the security of your data." AirPods are marketed as seamlessly secure within the Apple ecosystem.
What we found: Two high-severity Bluetooth authentication vulnerabilities have been found: CVE-2024-27867 and CVE-2023-27964. Both allow an attacker in Bluetooth range to spoof a previously paired device and gain access to the earbuds, potentially enabling eavesdropping on private conversations. CVE-2024-27867 required Apple's first-ever standalone security update for AirPods firmware. The always-on Bluetooth connectivity and always-active microphones create a persistent attack surface that Apple's security marketing does not acknowledge.
What they claim: Conversation Awareness described by Apple as a convenience feature: "your AirPods will detect your speaking voice and recognize that you're trying to hold a conversation."
What we found: Conversation Awareness requires continuous real-time analysis of all audio input to distinguish human speech from background noise. The speech-detecting accelerometer and dual beamforming microphones work together with on-device ML on the H2 chip to continuously monitor for speech onset. This is functionally always-on speech detection — the same capability that drew widespread privacy criticism when Amazon and Google implemented it in smart speakers. Apple's framing as a simple "convenience feature" obscures the surveillance implications of a device that is literally always listening for you to start talking.
What they claim: Apple positions itself as the privacy-first alternative to Google/Android. Apple's privacy marketing states: "Privacy is a fundamental human right."
What we found: The Apple Music companion app (com.apple.android.music v5.1.2) on Android includes Google Firebase Analytics and Google CrashLytics trackers. It requests ACCESS_ADSERVICES_AD_ID, ACCESS_ADSERVICES_ATTRIBUTION, AD_ID, and BIND_GET_INSTALL_REFERRER_SERVICE permissions — all advertising tracking permissions. The app also requests READ_CONTACTS, CAMERA, and BLUETOOTH access. Apple embeds the same Google advertising and analytics infrastructure it criticises competitors for using.
What they claim: AirPods Pro 2 marketed as personal audio devices. Find My integration described as a convenience feature for locating lost earbuds.
What we found: The MagSafe Charging Case contains a U1 Ultra Wideband chip that continuously broadcasts Bluetooth location beacons detectable by over 1 billion Apple devices in the Find My network. Law enforcement and security researchers have documented AirPods being used as stalking tools. Apple's own support page acknowledges this, stating "using AirTag to track people without consent is a crime." Apple can provide paired account details to law enforcement, effectively making AirPods a law-enforcement-accessible location tracker. The iFixit teardown revealed the lanyard insert may double as a U1 antenna — the tracking hardware is literally built into the structural design.
What they claim: Apple's privacy policy states: "Apple does not sell your personal data." Apple's Health privacy page states data is "encrypted and inaccessible" when the device is locked.
What we found: Regulatory evidence shows Apple complied with 93% of government data requests in H2 2020. Apple's law enforcement guidelines confirm Apple can provide: iCloud account data, iCloud backups (unless Advanced Data Protection is enabled — most users don't enable it), device registration, connection logs, and Find My location data. In 2022, Apple admitted providing user data to hackers who forged emergency law enforcement requests. AirPods generate Find My location beacons, Bluetooth connection logs, and usage telemetry — all accessible to law enforcement with valid process.
What they claim: Apple Music Android app requests 28 permissions for a music playback application.
What we found: The companion app requests CAMERA, READ_CONTACTS, BLUETOOTH, and MODIFY_AUDIO_SETTINGS beyond what music playback requires. The firmware reveals the H2 chip processes Conversation Awareness (speech detection), head tracking (gyroscope/accelerometer), and adaptive audio — all sensor data that flows through the paired device's app ecosystem. The app's FOREGROUND_SERVICE_DATA_SYNC permission enables background data synchronisation even when the app is not actively in use, allowing continuous telemetry collection from the connected AirPods.
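One way to check permission findings like those reported for the companion app against a decoded manifest, as an added example that is not part of the original report or the app's own code. It assumes the APK's AndroidManifest.xml has already been decoded to text XML (for instance with apktool); the sample manifest, the package name `com.example.player` and the `audit_permissions` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Short permission names taken from the report, grouped by the concern raised.
CATEGORIES = {
    "advertising": {"ACCESS_ADSERVICES_AD_ID", "ACCESS_ADSERVICES_ATTRIBUTION",
                    "AD_ID", "BIND_GET_INSTALL_REFERRER_SERVICE"},
    "sensitive": {"READ_CONTACTS", "CAMERA", "BLUETOOTH", "MODIFY_AUDIO_SETTINGS"},
    "background_sync": {"FOREGROUND_SERVICE_DATA_SYNC"},
}

# Constructed sample manifest (hypothetical package), not the real app's manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
  <uses-permission android:name="android.permission.ACCESS_ADSERVICES_AD_ID"/>
  <uses-permission android:name="android.permission.ACCESS_ADSERVICES_ATTRIBUTION"/>
  <uses-permission
      android:name="com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.BLUETOOTH" android:maxSdkVersion="30"/>
  <uses-permission-sdk-23 android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC"/>
</manifest>"""

def audit_permissions(manifest_xml):
    """Return {category: sorted full permission names} for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    report = {name: set() for name in (*CATEGORIES, "other")}
    # Both element names declare a requested permission; duplicates collapse in the set.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            full = node.get(ANDROID_NS + "name")
            if not full:
                continue  # malformed entry without android:name
            # Assumption: classify by the last dotted segment, since the report lists
            # short names; a custom permission reusing a short name would also match.
            short = full.rsplit(".", 1)[-1]
            bucket = next((c for c, names in CATEGORIES.items() if short in names), "other")
            report[bucket].add(full)
    return {name: sorted(perms) for name, perms in report.items()}

if __name__ == "__main__":
    for category, perms in audit_permissions(SAMPLE_MANIFEST).items():
        print(category, perms)
```

A declared permission shows what the app may request, not that it exercises it; confirming use requires runtime observation of the app.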
What they claim: Apple emphasises device repairability and environmental responsibility. Apple's Environment page promotes recycling programs and material recovery.
What we found: The iFixit teardown gives AirPods Pro 2 a 0/10 repairability score — completely unrepairable, sealed construction with adhesive throughout. The lithium battery degrades over 2-3 years of daily use and cannot be replaced. Apple offers no battery replacement service for individual earbuds (only full-unit replacement at near-retail cost). This planned obsolescence contradicts Apple's environmental marketing and creates e-waste containing lithium batteries, rare earth metals, and the custom H2/U1 chips. The sealed design also prevents independent security auditing of the firmware.