- Privacy: First, managed workplace Macs are gathering data concerning apps used on personally-owned iPhones, which can be a privacy failure and could be a bigger problem in some contexts. (For instance, an employee in an authoritarian state in which use of VPN or LGBTQ apps is proscribed might find their app use shared by this bug, with potentially serious consequences.)
- Compliance: The second problem concerns regulatory compliance: If a compliance audit tool picks up use of an unauthorized iPhone app on a corporate network, which they will do due to the architecture of this bug, IT will be forced to explain and look into that use. This poses enterprise-wide compliance challenges, and also means admins could be forced to waste time on what should be a relatively trivial problem.
The iPhone Mirroring SNAFU isn’t a problem for smaller firms that don’t use device management or compliance tools, as in theory at least, the information gathered is not made available to anyone but the registered Apple ID/user of a system. Though the fact the data exists at all might pose an additional attack surface for data exfiltration.
What is the problem?
The snag was first spotted in late September by Sevco Security, a company that does not develop for the Mac. It found that when iPhone Mirroring is used, any iPhone app creates an entry in a library item on your Mac. Effectively that is because the Mac treats these apps as native Mac apps, even though they are being run on iPhone.
You can read an in-depth account of the behavior courtesy of Sevco (above), but essentially if you run the mdfind CLI (Command Line Interface) in Spotlight you should see a complete list of both iPhone and Mac apps run on the Mac. You usually can only see the Mac apps used, but with iPhone Mirroring you now see iPhone apps, too. That information is then maintained in a deeply-stashed library file on the Mac, which most users will never see.
