Skip to content
logo The magazine for digital lifestyle and entertainment
Apple Data protection E-Mail iOS iPhone MacBook macOS All topics
Warning for iCloud+ Users

Apple Users Should Avoid This Feature for Now

Close-up of a turquoise Apple logo on a white, finely ribbed surface. The logo is slightly transparent and centered in the image.
Apple's Privacy Feature Criticized Over Reported Security Flaw Photo: Getty Images
Share article

Anyone using Apple’s “Hide My Email” feature for app registrations, online services, or newsletters should be cautious right now. The feature is designed to prevent your email address from being shared with providers. Instead, a randomly generated alias address is used, which forwards incoming messages to your actual inbox. However, this protection does not seem to work as intended in all cases.

Security Flaw in Apple’s Mail Alias

With “Hide My Email,” Apple creates random alias addresses. Emails are forwarded to the actual inbox without shops, apps, or other services seeing the real email address. A reported security flaw, however, seems to challenge this principle.

According to a report by the online magazine “404 Media,” security researcher Tyler Murphy, co-founder of the privacy service Easy Opt Outs, has found a way to associate Apple aliases with the underlying real email addresses. Murphy reportedly informed Apple about the issue back in June 2025. The company has reviewed the notice multiple times, but no apparent solution was available at the time of publication.

More on the topic

Test Confirms the Issue

The security flaw was also verified by the “404 Media” editorial team. They used their own hidden email address for testing. Murphy was then able to correctly determine the associated real address.

Also of interest: Is This the Biggest Apple Leak in History?

The detailed workings of the method are deliberately not described. The flaw is reportedly still exploitable. Publishing the technical details could further increase the risk.

Why the Flaw Is Problematic

Those using an alias address typically want to prevent a service from storing the actual email address or linking it with other accounts. If this association is successful, the protective function loses its primary purpose. Instead of obscuring identity, the alias could itself become a clue to the person behind an account.

Murphy also justifies the publication of his findings. Users should know that they may not be able to fully rely on “Hide My Email” at present. This is especially true if users employ the feature not only to protect against spam but also to separate different profiles or sign up for less trustworthy services.

Until Apple addresses the reported security flaw, users should not consider the feature a reliable protection. There is no official statement on the allegations yet, according to 404 Media.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.