Apple accused misleading users about Hide My Email’s privacy protections

0
1
Apple accused misleading users about Hide My Email’s privacy protections


A California Apple user has filed a proposed class action accusing the company of misleading customers about Hide My Email’s privacy protections. Here are the details.

Apple sued over alleged Hide My Email flaw

A few days ago, 404 Media reported that Apple had been aware for more than a year of an alleged flaw that could expose the real email addresses behind Hide My Email aliases.

Apple’s Hide My Email feature lets users create unique, randomly generated email addresses that forward messages to their personal inbox, allowing them to sign up for apps, websites, and newsletters without sharing their real address.

It is available for free through Sign in with Apple, while a broader version included with iCloud+ plans starting at $0.99 per month lets users create aliases for websites, newsletters, and other services.

According to 404 Media, a security researcher alerted Apple in June 2025 to a flaw that could reveal the real email addresses behind Hide My Email aliases.

Apple acknowledged the report about a month later but allegedly left the issue unresolved. In March 2026, the company said it had addressed the flaw, but the researcher found that the vulnerability remained exploitable.

From 404 Media:

At the end of May, Apple said it was planning to address the issue in a future security update “expected in the coming weeks.” Murphy then contacted 404 Media on Monday and provided details of the issue and his statement saying, “We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer.”

Back to the lawsuit (via MacRumors), the plaintiff, Anthony Alvarez, says:

Apple has known of the problem for over a year, and the flaw remains unfixed to this day—all while Apple continues to profit from Hide My Email and from its promises of privacy.

Plaintiff is one of the millions of customers who paid Apple for iCloud+ and relied on Apple’s representations that Hide My Email would keep his personal email address hidden.

Plaintiff and Class Members paid Apple for their privacy—iCloud+ subscribers though the price-premium built into iCloud+ subscription fees, and all Apple customers through the price premium built into Apple products that Apple markets as including enhanced privacy protections and features such as Hide My Email.

The lawsuit also claims this is not an isolated incident, citing a 2023 report that found Apple’s randomized MAC address feature could expose users’ real hardware identifiers.

It also alleges that the combined value of the proposed class members’ claims exceeds $5 million, excluding interest and legal costs, though it does not explain how that figure was calculated.

Alvarez filed the lawsuit both on his own behalf and on behalf of other Apple customers he says were similarly affected. He is asking the court to certify the case as a class action covering four proposed groups of users:

  • A nationwide class of Apple customers who purchased a device and used Hide My Email;
  • A California subclass of those users;
  • A nationwide subclass of iCloud+ subscribers who used the feature;
  • A California subclass of iCloud+ subscribers.

He is demanding a jury trial and, in addition to financial compensation in an amount to be determined, is asking the court to require Apple to either fix Hide My Email or clearly disclose its limitations.

Apple has yet to comment on the lawsuit.

Do you think this class action should be certified? Let us know in the comments.

Worth checking out on Amazon

FTC: We use income earning auto affiliate links. More.