Apple bug allowed iPhones to inadvertently record Siri interactions
The flaw stored Siri recordings even if a user had opted out
Apple has fixed an iOS bug that caused Siri to record interactions with users, even if they had opted out.
The company reportedly introduced a bug in iOS 15 that automatically opted users into the Improve Siri & Dictation setting, allowing Apple to record and review their Siri interactions. The flaw enabled the setting even when the user opted not to share them.
After discovering the bug, Apple fixed it in iOS version 15.2 while simultaneously turning off the setting for "many" Siri users. It reintroduced the setting in version 15.4, which is currently in beta. Users who install the update will be asked once more if they'd like to opt into sharing Siri interactions.
Apple said in a statement that it had deleted the recordings that it took by mistake.
Apple launched the opt-in feature for Siri recordings in 2019 after investigators found that it had been recording interactions without users' permission. It was sending those recordings to independent contractors who analyzed them to improve performance.
Siri, which can be triggered accidentally, had mistakenly recorded people having sex and doing drug deals, reports said, while some recordings contained identifiable details including a person's name.
Vulnerability and patch management
Keep known vulnerabilities out of your IT infrastructure
Apple also removed 300 contractors when it temporarily shuttered the recording review program, which it calls 'grading'.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
However, one of Apple's former contractors, Thomas Le Bonniec, warned the following year that he believed Apple was still recording calls without people's permission. Customers later sued the company, and in September 2021 a judge denied its request to throw out the case.
Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing.
Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.