Apple is facing a new Hide My Email lawsuit, and it does not look good. A proposed class-action suit claims the company sold customers privacy promises it couldn’t deliver on.
The suit says Apple knew about a certain flaw in its address-hiding feature for more than a year, but kept marketing Hide My Email as airtight privacy the whole time.
Hide My Email lawsuit: What’s actually being alleged
The proposed lawsuit turns a technical bug into a test of Apple’s most valuable brand promise: that privacy is a legitimate product feature. Even without evidence that the flaw was ever exploited, the case argues that the Hide My Email bug matters because Apple sold peace of mind and failed to deliver.
California resident Anthony Alvarez filed the lawsuit Wednesday in the U.S. District Court for the Northern District of California. Alvarez v. Apple Inc. accuses Apple of false advertising, fraud, breach of contract and violation of California’s consumer-protection laws.
“Apple promised Hide My Email as a privacy feature customers paid for, whether directly through iCloud+ or indirectly through Apple’s product-wide privacy representations, and failed to deliver it,” the suit says. “Worse, Apple has been fully aware of this problem for over a year and has not fixed
it.”
Alvarez says he bought an iPhone and signed up for a 200GB iCloud+ plan back in March 2025. His argument is pretty straightforward: He wouldn’t have paid for it if he had known Hide My Email could fail.
That’s the crux of the case. Alvarez isn’t saying that his actual email address was leaked or targeted with spam. In the complaint, he characterizes his injury as financial — he paid for privacy Apple couldn’t guarantee.
Who would the class action include?
The lawsuit wants Apple to cover four types of people. That includes a nationwide class of customers who purchased Apple hardware and used Hide My Email, and a California-only version of the same group. The other two classes include iCloud+ subscribers split between nationwide and California.
The complaint claims all these classes represent more than $5 million in damages without walking through the math behind the number.
Alvarez also wants a jury trial and is asking for a judge to force Apple to either fix Hide My Email or clearly spell out its limitations.
The flaw behind the Hide My Email lawsuit
Here’s the backstory. A security researcher named Tyler Murphy flagged a Hide My Email vulnerability in June 2025. Apple acknowledged the report a month later, according to a report by 404 Media.
Hide My Email works by generating random addresses that forward to your real inbox. You get it for free through Sign In with Apple and have the option to unlock more aliases with iCloud+.
But the whole point is that nobody — not the app, not the website, not anyone — should be able to trace those aliases back to you. And that’s exactly what’s broken.
A fix that didn’t take
In March, Apple said it fixed the problem with a system change. But when Murphy tested the fix, he said the flaw was still very much there. Following this, Apple reportedly told him a real fix would arrive in a future security update.
The vulnerability didn’t become public until July 1, when 404 Media confirmed it could still connect a Hide My Email alias to the real account. The outlet held back the technical details, but said Apple failed to patch the bug.
Still, it’s worth noting that nobody has come forward with a confirmed case of the flaw being used. The lawsuit landed just two weeks after the story broke, which is really fast, even by class-action standards.
The complaint also points out a separate 2023 report that claimed Apple’s randomized Wi-Fi address feature suffered from similar problems for years. It paints Apple’s failure to address these security concerns as a pattern, not a one-off glitch.
For now, this is only one side of the story making its way to the courts. But Apple built its entire brand on privacy you don’t have to worry about — and a flaw like this just chips away at that.


