Apple says what happens on your iPhone stays on your iPhone, but by default your iPhone backs up everything to iCloud — including messages, photos, and health data — where Apple can access it and hand it to police or governments on request. Apple approved 93% of government data requests. The truly private option (Advanced Data Protection) is buried in settings and most people never turn it on. Apple said Siri was designed to protect your privacy, but for years Apple secretly paid contractors to listen to your Siri recordings — including conversations that were accidentally recorded. Contractors heard private medical appointments, business deals, and intimate moments. Apple had to pay $95 million to settle the lawsuit. They said they stopped, but France's privacy authority opened a new investigation in 2025.
What they claim: Apple Find My privacy page states: 'Find My is designed to protect your information.' Claims the network is 'end-to-end encrypted' and 'anonymous.'
What we found: Every iPhone participates in the Find My mesh network by default, acting as a Bluetooth relay that reports the location of nearby Apple devices and AirTags to Apple's servers. George Mason University researchers discovered the 'nRootTag' exploit allowing attackers to track any Bluetooth device with 90% success rate by manipulating Find My's cryptographic keys. The Find My network turns every iPhone into a surveillance node — your device helps track other people's items, and other people's devices could be used to track you. While Apple claims this is anonymous, the nRootTag exploit proves the cryptographic protections can be circumvented.
What they claim: Apple markets its AI as privacy-preserving with on-device processing and Private Cloud Compute
What we found: Apple is distilling Google's multi-trillion parameter Gemini model to run on-device iPhone AI. This means Apple's "private" AI is built on Google's training data — whatever Google fed Gemini, Apple's on-device model inherited. On-device processing doesn't help when the model itself was trained on mass-collected data.
What they claim: Apple's App Tracking Transparency (ATT) marketing positions Apple as the defender of user privacy against third-party tracking. Apple's privacy page states: 'App Tracking Transparency lets you decide which apps are allowed to track your activity.'
What we found: ATT only blocks third-party cross-app tracking. Apple's own first-party advertising platform (Apple Search Ads) collects user data including app downloads, search queries, device info, and Apple Account demographics WITHOUT triggering an ATT prompt. Apple's advertising platform grew significantly after ATT was introduced — Apple became the primary beneficiary of blocking competitors' tracking while exempting its own data collection. iOS system permissions show APPLE_ADVERTISING_PLATFORM and DEVICE_ANALYTICS as built-in capabilities.
What they claim: Apple privacy policy states: 'We strive to collect only the personal data that we need.' The iOS system is marketed as privacy-respecting with user consent for data access.
What we found: iOS system capabilities analysis shows 50 permission categories including SIGNIFICANT_LOCATIONS (enabled by default, tracks everywhere you go), DEVICE_ANALYTICS, APP_ANALYTICS, APPLE_ADVERTISING_PLATFORM, FIND_MY_NETWORK (enabled by default, turns your phone into a tracking relay), ICLOUD_BACKUP (default, sends data to Apple's servers), SIRI/DICTATION/VOICE_PROCESSING (processes voice server-side). Many of these are enabled by default or deeply buried in settings. The sheer breadth of system-level data access — from health records to motion data to location history to voice recordings — contradicts the 'minimal collection' claim.
What they claim: Apple privacy policy promises data minimisation and states personal data is retained only 'for the period necessary to fulfill the purposes outlined in this Privacy Policy.'
What we found: The Siri settlement revealed recordings were retained and reviewed by contractors from 2014 through 2019 — a five-year period during which Apple's privacy policy made no mention of human review of voice recordings. Apple must now delete Siri recordings obtained outside opt-in and confirm deletion within 6 months as part of the settlement. iCloud backup data (containing messages, photos, location history, health data) is retained as long as the user's account exists, with no automatic expiration. Apple's law enforcement guidelines confirm they retain connection logs and can provide account metadata on request.
What they claim: Apple privacy policy states: 'Apple does not sell your personal data.' Apple markets 'What happens on your iPhone stays on your iPhone.' Privacy page declares: 'Privacy is a fundamental human right. It's also one of our core values.'
What we found: Apple's law enforcement guidelines (updated October 2025) confirm Apple can provide to law enforcement: iCloud account data, iCloud backups, device registration, Apple ID purchase history, and connection logs. Advanced Data Protection (which would prevent this) is opt-in and most users never enable it. Apple complied with 93% of government data requests in H2 2020. In 2022 Apple admitted providing user data to hackers who forged emergency law enforcement requests. Default iCloud backups contain messages, photos, health data, and location history — all accessible to Apple and law enforcement.
What they claim: Apple markets iPhone as having industry-leading security with hardware protections including Pointer Authentication (PAC) and kernel memory protection (KTRR/PPL).
What we found: Operation Triangulation (discovered by Kaspersky, active since 2019) exploited four zero-day vulnerabilities including CVE-2023-38606 — which used undocumented hardware registers in Apple SoCs not found in any device tree, firmware, or source code. Kaspersky stated: 'We have no idea how attackers would know how to use this undocumented hardware feature.' Additionally, CVE-2025-31201 bypassed Pointer Authentication entirely, and CVE-2025-24085 compromised CoreMedia. Apple has patched at least 9 zero-day vulnerabilities exploited in the wild in 2025 alone, including CVE-2025-43529 used in 'extremely sophisticated' targeted attacks.
What they claim: iOS system includes HEALTH_RECORDS, HEALTH_SHARE, HEALTH_UPDATE, and MOTION_AND_FITNESS permissions. Apple's health privacy page claims: 'Apple minimizes data collection by processing as much of your health data on your device as possible.'
What we found: While Apple encrypts health data on-device, the September 2021 GetHealth breach exposed 61 million fitness tracker records including Apple HealthKit data — names, dates of birth, weight, height, gender, and geolocation in plain text. Apple HealthKit appeared 17,764 times in a limited sampling. Health data in iCloud backups (without Advanced Data Protection, which most users don't enable) is accessible to Apple and law enforcement. The Apple Research app separately asks users to share health data for studies, creating another data exfiltration path. Apple's privacy guarantees end the moment users share health data with any third-party app.
What they claim: Apple's Siri privacy page states: 'Siri is designed to protect your information.' Apple's privacy marketing promises data minimisation and user control.
What we found: Apple agreed to a $95 million class action settlement (Lopez v. Apple Inc.) after a whistleblower revealed Apple employed human contractors to review Siri recordings — approximately 1,000 recordings per day per reviewer — including private conversations captured by accidental activations. Contractors heard medical discussions, business deals, and intimate encounters. Apple initially denied the practice. The settlement covers Siri-enabled devices from 2014-2024. In October 2025, French data protection authority CNIL opened a separate investigation.
What they claim: Apple privacy policy states: 'We strive to collect only the personal data that we need.' Apple markets iPhones as designed with privacy as a core value.
What we found: Firmware analysis reveals 20 hardcoded Apple endpoints including metrics.apple.com, metrics.icloud.com, idiagnostics.apple.com, pancake.apple.com, and xp.apple.com — dedicated telemetry and diagnostics infrastructure. iOS device analytics collect hardware specs, performance statistics, app launch times, battery state, cellular signal strength, and usage patterns. The opt-out process requires navigating to Settings > Privacy & Security > Analytics & Improvements — a multi-step process most users never complete. Significant Locations is enabled by default, silently recording everywhere you go, how long you stay, and when you were there.
What they claim: Apple states it collects motion data only when apps request it and with user permission
What we found: Apple is engineering an anti-snatching feature that uses continuous accelerometer and gyroscope monitoring to detect sudden grabs and lock the device. This means motion sensors are always listening — not just when an app asks.
What they claim: Apple claims to deliver notifications as sent by app developers
What we found: Apple is using on-device AI to summarise, reorder, and rewrite push notifications before users see them. Messages from apps are altered without the sender's or receiver's consent — Apple decides what you read and in what order.
What they claim: Apple markets iPhone as repairable and sustainable. Apple's environmental commitments include extending device lifespan.
What we found: iFixit teardown confirmed software-locked parts pairing — replacing the screen, battery, or camera modules triggers warnings and may disable features unless the replacement is serialised through Apple's proprietary system configuration process. This requires Apple-authorised service or Apple's proprietary tools. Independent repair shops cannot fully restore device functionality after component replacement. The always-on cellular baseband processor (Qualcomm Snapdragon X70) operates with an independent power domain, meaning it may communicate even when the user believes the device is powered down.