Hide My Email lawsuit seeks payout without alleging any attack


A proposed class action is trying to turn Apple’s unresolved Hide My Email flaw into a nationwide payout without alleging that the vulnerability was used in an attack or that the plaintiff’s email address was exposed.

Anthony Alvarez filed the lawsuit against Apple on July 15 in the U.S. District Court for the Northern District of California. The complaint accuses the company of false advertising, fraud, breach of contract, and other violations tied to its marketing of Hide My Email.

The filing argues that Apple sold customers privacy it couldn’t provide. The claims cover the full version included with paid iCloud+ plans and the more limited relay addresses generated through Sign in with Apple.

Alvarez seeks to represent four proposed classes covering U.S. Apple customers, including two California subclasses. The lawsuit seeks damages and an order requiring Apple to fix Hide My Email or clearly disclose its limitations.

The allegations haven’t been tested in court, and no class has been certified.

A real flaw, but no alleged attack

Security researcher Tyler Murphy discovered the flaw and reported it to Apple in June 2025. The vulnerability became public on July 1 after the problem remained unresolved for more than a year.

Apple said in March 2026 that a system change had addressed the issue, but Murphy’s testing showed that the vulnerability remained. Apple later told Murphy that it planned to address the problem through a future security update.

404 Media independently confirmed on June 29 that the vulnerability could connect a Hide My Email relay address with the real email account behind it. The publication withheld the technical details because the flaw could still be exploited.

Apple deserves criticism for apparently leaving the problem unresolved while continuing to advertise Hide My Email as a privacy feature included with iCloud+. A feature designed to conceal a personal address loses much of its value when another person can trace the relay address back to the account behind it.

However, neither the complaint nor the public reports identify a known malicious attack using the flaw. Alvarez doesn’t allege that anyone uncovered or misused his email address, sent him unwanted messages, or otherwise exploited the vulnerability against him.

Alvarez’s claimed injury is financial. The complaint says he bought an iPhone and subscribed to the 200GB iCloud+ tier on or around March 15, 2025, and that he wouldn’t have paid as much had he known Hide My Email could fail.

The lawsuit extends that overpayment theory to four proposed classes, including people who bought Apple hardware and used the bundled version through Sign in with Apple.

A narrow flaw becomes a sweeping damages claim

The iCloud+ theory is relatively straightforward because Apple explicitly includes Hide My Email with a paid subscription. Customers paying for that subscription can expect the feature to perform the function Apple advertises.

The hardware claim is more ambitious. The complaint, first reported by MacRumors, tries to attribute part of an iPhone or Mac‘s price to Hide My Email without explaining what the feature was worth or how a court could separate that value from everything else included with the device.

Apple markets privacy as a reason to choose its products, so a prominent privacy failure can damage customer trust even without a documented attack. However, the Hide My Email flaw doesn’t automatically prove that every affected customer overpaid for an entire Apple device.

The lawsuit arrived 14 days after the vulnerability became public. The broad proposed classes and the absence of any alleged attack against Alvarez make the case look like ambulance chasing.

Apple mishandled a real privacy flaw, and customers shouldn’t have to wait for an attack before the company fixes it. Still, the lawsuit looks more like an attempt to monetize a newly publicized risk than compensation for proven misuse.



Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


After months of rumors and two keynote events in May 2026, Google has finally released Android 17, the stable version. It’s rolling out to eligible Pixel devices today, including models in the Pixel 6 lineup, all the way to the latest Pixel 10 series.

The stable build contains plenty of features showcased at The Android Show and Google I/O, but if you were hoping to get your hands on Gemini Intelligence, that will ship later this summer to “select advanced devices.” With that out of the way, here’s what Android 17 offers at launch.

So what’s actually new in Android 17?

The most immediately useful addition is Bubbles, a feature that lets you access a select number of apps in the form of a floating window over another app or a circular app icon on the screen when minimized. 

You can access the feature by long-pressing an app icon and selecting the Bubble option. It’s best suited for your two or three-app workflows, letting you access them one after the other with a single tap on the screen. On foldables and tablets, bubbles dock into a dedicated bar at the bottom of the display. 

Android 17 also gets Screen Reactions, a feature that lets you record your phone’s screen along with your face (via the front-facing camera) simultaneously. It’s primarily for content creators, who can now make reaction videos without opening an editing app. 

What about gaming, security, and everything else?

On the gaming side, foldables get a new 50/50 layout with the game view up top and a dynamic gamepad below. Google has also made memory cleanup more efficient, so that gamers don’t experience frame drops and stutters while playing demanding video games. 

Security gets a meaningful upgrade with features like temporary location permissions and contact-level sharing controls (vs. sharing the entire address book). The Mark as Lost feature in the Find Hub now locks your phone via biometrics so nobody can unlock and reset it with the passcode.

Google also caps PIN guessing, with longer wait times between failed attempts. Rounding out the Android 17 update are hidden app names on the home screen, a dedicated volume slider for your AI assistant (Gemini on Pixel phones), Parental Controls expanding to all Android devices, and app memory limits for preserving system resources.  

Today is the day 👀

— Android Developers (@AndroidDev) June 16, 2026

While Pixel phones are the first to get the update, expect other OEMs to announce their Android 17-based updates in the coming weeks. Samsung, for instance, is expected to roll out One UI 9 at the second Galaxy Unpacked event of the year, rumored to take place on July 22, 2026. Other brands like OnePlus should follow soon.



Source link