Apple was hit with a class action lawsuit this week over a reported flaw in its Hide My Email feature, which could expose users' real email addresses. The proposed class action alleges that Apple violated California's false advertising law and other consumer protection statutes by knowingly offering a feature that does not work as advertised. The lawsuit centers on a vulnerability disclosed to Apple in June 2025 by a security researcher.
Hide My Email is a privacy feature available to iCloud+ subscribers, allowing them to generate random, disposable email addresses to shield their real inbox when signing up for services. However, the alleged bug could bypass this protection and reveal the original address. While no instances of active exploitation are known—since the technical steps have not been made public as a precaution—the mere risk has prompted legal action. Apple has released several software updates since the disclosure, including the recent iOS 27 public betas, but the flaw remains unpatched.
Sponsored Protocol
Class Action Alleges False Advertising
The complaint, filed in a California court, argues that Apple marketed Hide My Email as a robust privacy tool while being aware of its weakness. The plaintiffs seek damages for all affected iCloud+ subscribers, claiming that Apple profited from subscriptions based on a deceptive promise. This case echoes previous consumer lawsuits against Apple over privacy features, highlighting the increasing scrutiny on tech giants' security claims.
Bug Reported in June 2025 but Not Fixed
The security researcher contacted Apple in June 2025 with full details of the vulnerability. Despite Apple's acknowledgment, no patch has been issued. The researcher eventually collaborated with a law firm to file the lawsuit, frustrated by the lack of response. Apple's silence contrasts with its usual stance on responsible disclosure, raising questions about its commitment to user privacy. The company has recently been proactive in suing others, such as its trade secrets lawsuit against OpenAI, but now faces a legal challenge on its own turf.
Sponsored Protocol
Impact on iCloud+ User Privacy
Hide My Email is used by millions to avoid spam and protect online identity. If the flaw is confirmed, it could undermine trust in Apple's privacy ecosystem—a key selling point for iCloud+. Activists, journalists, and ordinary users who rely on this feature may find their real addresses exposed. The lawsuit could force Apple to disclose more details about its internal vulnerability management processes. For more on Apple's legal battles, see the article on iOS 27 betas and the OpenAI lawsuit. To understand Hide My Email, visit the Wikipedia page on iCloud.
Source: https://www.macrumors.com/2026/07/16/apple-sued-over-reported-hide-my-email-flaw