LAS VEGAS – Concerns over data privacy are gaining traction as new research reveals that Apple’s artificial intelligence ecosystem, Apple Intelligence, transmits sensitive user data to its servers beyond what is stated in its privacy policies. This finding, presented by Israeli cybersecurity firm Lumia Security during the 2025 Black Hat USA conference, raises alarms regarding the extent of data shared by users through Siri, Apple’s widely used voice assistant.
The investigation indicated that Siri regularly uploads the content of dictated messages and commands – including communications from WhatsApp – to Apple servers, which may occur even when such transmissions are unnecessary for fulfilling user requests. The data flows were found to occur outside of Apple’s touted Private Cloud Compute, designed to enhance user privacy.
Lumia senior security researcher, Yoav Magid, highlighted that Siri not only retrieves weather-related app data but also sends comprehensive location information with every request, even when it is irrelevant. The research noted that audio playback metadata, such as song titles and podcast names, are similarly transmitted to Apple servers without user awareness.
Most strikingly, messages sent through Siri to apps like WhatsApp raise vital questions about the integrity of end-to-end encryption, as data transmits via Apple’s infrastructure before reaching its final destination. Research revealed that even if users disable certain settings, data transmission to Apple servers persists, prompting inquiries about the necessity of such communication. Apple has since expressed disagreement with Lumia’s findings, attributing these processes to third-party app interactions with SiriKit.