Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Siri Shortcuts can be used to steal and send personal data, developer warns

Last updated

iPhone and iPad owners should be careful about which Shortcuts they run in iOS 12, since malicious app creators could use them to scrape valuable data, a developer warns.

An example shortcut is capable of scooping up contacts, browser history, app usage, names typed in Messages, and even file contents, according to one of the developers of the iPad programming app Codea. Critically the shortcut masquerades as a memory cleaner, but in truth it compresses data, uploads it, then sends a link to an attacker via Messages.

"You couldn't expect a reasonable user to know what they were agreeing to run when receiving an Apple-hosted link to this shortcut," said Simeon of Two Lives Left. "With automatic scheduling of shortcuts you could possibly trick someone into running a key logger."

Simeon noted that he's shared this information with Apple in the hopes of improving security. Given that Apple doesn't host all possible shortcuts, at present, it is impossible for Apple to guarantee security of all of the content produced, without clamping down on what the feature can do.

Shortcuts and their accompanying iOS app were introduced alongside iOS 12 in September. Users can build automations of regular tasks, such as an "I'm driving home" shortcut that launches Apple Maps, puts in the right directions, and starts playing NPR. Such shortcuts can be triggered quickly through a widget or Siri voice commands.

Apps can offer to enable their own shortcuts, but while they require permission, they don't necessarily identify all of the actions they plan to run.

For Apple Shortcuts are one way of competing with rival AI platforms, creating a Siri equivalent of Amazon Alexa's "skills." The company's strict privacy focus means that it taps on-device data processing whenever possible.



4 Comments

gutengel 363 comments · 7 Years

I always check the shortcuts before running them on my phone, but sometimes you get very complex ones, like download YouTube video. Those get trickier to understand and catch sketchy commands.

mistertrick 12 comments · 10 Years

would also be nice if they fixed the app since every time I try to run a Siri shortcut by voice the app crashes, especially when in the car where I don't exactly have time to whip out the phone to do it manually

ihatescreennames 1977 comments · 19 Years

would also be nice if they fixed the app since every time I try to run a Siri shortcut by voice the app crashes, especially when in the car where I don't exactly have time to whip out the phone to do it manually

On the flip side I use Siri to initiate Shortcuts every day, multiple times and have yet to have an issue. Just setting and disarming my alarm system via Siri Shortcuts happens several times a day itself and that’s just one of the shortcuts I use. 

harry wild 808 comments · 11 Years

I never use Siri any more it to stupid! Use Amazon Alexa and Google Assistant!