With iOS 12, Apple introduced Siri Shortcuts which was basically the company’s take on the Workflow app that they had previously acquired. Siri Shortcuts allows users to create shortcuts for certain actions, kind of like macros. The best part is that anyone can create a Siri Shortcut and share it with others.
However it seems that maybe we shouldn’t get ahead of ourselves just yet. In a post on Twitter (via Cult of Mac), developer Simeon Saëns revealed how he was tipped off by Avimanyu Roy on how Siri Shortcuts has the potential to steal personal information from the user. He points at how a Shortcut disguised as a memory cleaner compiled names, zipped the data, and sent it to the attacker via iMessage.
We suppose this revelation doesn’t come as a complete surprise. Given that unlike iOS apps, there isn’t really any oversight on the Shortcuts that are made and shared online, especially since Shortcuts can be found and installed from a variety of places. Saëns adds that he has since reached out to Apple and disclosed his findings, but how the company plans on going about addressing this issue is unclear.
In the meantime if you are fond of searching for and installing third-party Shortcuts, it’s probably best to exercise some caution by combing through the comments and seeing what others have said about it.
I’ve just been made aware (by @AvimanyuRoy3) that it is trivially easy to steal highly sensitive & personal information from an iPhone via Shortcuts
Just browsing through the malicious Shortcut is mind blowing
You'll be unsettled what your phone has on you /1
— Simeon (@twolivesleft) January 23, 2019