Apple's privacy feature designed to protect your email address appears to have a serious flaw. The "Hide My Email" service, part of Apple's iCloud+ subscription, creates temporary email addresses so users can keep their real addresses private when signing up for apps and websites. Researchers discovered the feature leaks your actual email address in certain situations, and Apple has reportedly known about the problem for more than a year without fixing it.
Security researcher Tommy Mysk identified the vulnerability. When you use Hide My Email to create a masked address, some apps and websites can still access your real email through the device's notification system or other technical workarounds. This defeats the entire purpose of the privacy protection parents and teens rely on when creating accounts online.
The timing matters for families. Many parents use Apple's privacy tools to help their children browse safely and maintain email privacy. Some teenagers use Hide My Email to control their digital footprint and manage which companies have their real contact information. This flaw puts both groups at risk.
Apple offers Hide My Email as part of iCloud+ subscriptions, which cost $2.99 monthly for 50GB of storage plus additional privacy features. Parents considering this service for family account protection should know the feature doesn't work as advertised. The company has not publicly acknowledged the vulnerability or announced a fix.
For now, families should treat Hide My Email as unreliable for genuine privacy protection. If you've used masked addresses to sign up for apps or services, review your account settings on those platforms. Consider whether apps have legitimate reasons to know your real email before using Hide My Email in the future. Apple's Support page for Hide My Email doesn't mention this limitation, creating a false sense of security for users who believe their real addresses remain hidden.
