Apple has a new policy on how the data on your device will be used to train its AI features. iMessage phishing scams seem to work because they’re still thriving worldwide. Google may say it’s cracking down on ad spam, but they don’t seem to be able to prevent it from proliferating. And buying a refurbished phone may save you some money, but we’re here to remind you of some other factors also worth considering.
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.
Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.
Voice Over 0:00
This is the Intego Mac podcast—the voice of Mac security—for Thursday, April 17, 2025. This week’s Intego Mac Podcast security headlines include: Apple has a new policy on how the data on your device will be used to train its AI features. iMessage phishing scams seem to work because they’re still thriving worldwide. Google may say it’s cracking down on ad spam, but they don’t seem to be able to prevent it from proliferating. And buying a refurbished phone may save you some money, but we’re here to remind you of some other factors also worth considering. Now here are the hosts of the Intego Mac podcast. Veteran Mac journalist Kirk McElhearn and Intego’s chief security analyst, Josh Long.
Kirk McElhearn 0:51
Good morning. Josh, how are you today?
Josh Long 0:53
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:55
I’m doing just fine. So I guess we have to talk about AI before we talk about what Apple is going to do with the data on your device, a couple of articles have pointed out that Apple has changed their terminology on their website. Instead of saying hello Apple Intelligence, they’re now saying built for Apple Intelligence when you look at the new iPhone 16 models, for example. Now there’s two ways to look at this. The cynical way is to think, well, we’re not saying whole Apple Intelligence because we haven’t delivered on what we promised. But the other way of saying it is, well, we’ve already delivered a bunch of stuff, maybe not everything. So it’s built for Apple Intelligence, for the Apple Intelligence that already exists, and the Apple Intelligence to come.
Josh Long 1:38
It’s not Hello anymore, because it’s not brand new. It’s like we already have Apple Intelligence, or at least some parts of it. And so it’s a continuation. We are continuing on with Apple Intelligence.
Kirk McElhearn 1:51
So old that there are already multiple class action suits about it. Yes, well, we reported on this a couple weeks ago. There are now three suits against Apple for over promising and under delivering is how you say it. So I said a moment ago, they’re going to start looking at the data on your device to train their AI model. Their tentacles are going into your iPhone and analyzing your emails in order to build their AI technology. Is that a good description, Josh?
Josh Long 2:19
Well, that sounds pretty terrifying. I don’t really want tentacles on or in my digital tentacles. Yes, it still sounds a little creepy. So let’s break this down a little bit. Apple actually released a report about this on their machine learning.Apple.com site. It’s titled Understanding aggregate trends for Apple Intelligence using differential privacy, which, if that puts you to sleep already. Well, that’s understandable. Mark Gurman breaks this down in a Bloomberg article, and basically explains that what they’re trying to do here is better train their AI without actually using your data and sending your data off to Apple. So Apple has a set of sit what they call synthetic information that they’re using to train their AI models. This synthetic data is similar to what they expect that they will see on real world devices. So what Apple is planning to start doing with the point five releases, so which are in beta right now, and they’re probably going to start beta testing this specific new feature in the next versions of the beta, they’re going to start comparing the synthetic data with actual data on devices in order to inform Apple. Okay, these sets of synthetic data are closest to what we’re seeing on real world devices, so the only information that’s actually getting reported off device back to Apple is this set of synthetic data is most similar to what we’ve seen on real world devices, so they’re not reporting on exactly what they’re seeing. They’re not reporting on any of your actual data. They’re only going to be reporting on what synthetic sets are most similar to real world devices.
Kirk McElhearn 4:12
So the devices will be doing a comparison between synthetic and real, and it will say this one is 80% similar to real, and this one’s 40% similar to real, etc. While you were talking, I ran to get my iPad, which is running the 18.5 beta. Now, if you go to Settings Privacy and Security and then analytics and improvement, you have a whole section where you can share iPad analytics, share iCloud analytics, improve Siri and dictation and improve assistive voice features. So I guess the closest thing here would be share iCloud analytics. So if you turn this on, it will help Apple improve its products and services, including Siri and other intelligent features, by allowing analytics of usage and data from your iCloud account. That sounds like it would cover the. Siri in dictation, talks about sharing audio recordings and transcripts of your interactions with Siri. So that’s different, because here we’re talking essentially about emails. So if you don’t want Apple’s digital tentacles in your device, you might want to turn this setting off.
Josh Long 5:14
Apple does frequently pair up Apple Intelligence and Siri in settings, though. So if you don’t really want any analytics getting reported to Apple, you can just turn off every single category here, which is what I do. By the way, if you are running betas, you need to make sure that you check this regularly, because very often, when you install a new beta, it will turn on some of these analytics settings again, and that’s with intention, and they do tell you about that. As soon as you install the beta, it’ll say, Hey, we’ve turned on some some analytics things again, if you want to, you can turn that back off, but I recommend just turning all these things off, because, you know, you don’t really need to be reporting this to Apple. 99% of people are never going to turn this stuff off, and so Apple is going to get all the information that they need in order to improve their products and services, without your particular device being one of the ones that’s reporting back.
Kirk McElhearn 6:10
In addition, this is the, well, we don’t have really a distinction between the developer beta and the public beta anymore, because you don’t have to pay for a developer account, but this is the developer beta and the public beta isn’t actually released yet, since you don’t pay for it, I don’t know why they make a difference between the two. Maybe it’s just saying that the developer beta is slightly more risky than the public beta.
Josh Long 6:31
Yeah, I kind of look at it like you have browsers, for example, that are Canary versions, which is like the bleeding edge, like we’re just starting to experiment with this technology, versus the developer beta versus the regular release for everybody. And that’s kind of, I think, what Apple is doing here with these are developer betas, meaning bleeding edge stuff, and then we’ve got public betas, which is like, almost ready for everybody else.
Kirk McElhearn 7:00
Right? If you choose to put a beta on your device, you get that option between the developer beta and the public beta. And if you don’t want to risk your device, it’s a good idea not to risk your device if you don’t need to, the public beta is probably a lot safer than the developer beta. So don’t get carried away and install the developer betas unless you really need to or like us, we want to know what these features are doing, right? But most people don’t need to do this. We want to just give an update on the discussion about tariffs in our last episode, because this changes every 24 hours, and I think last week, we ended with 145% tariffs on iPhones and other electronic devices the Customs and Border Patrol Service issued a document late Friday evening saying that this tariff, that the additional reciprocal tariff above the base 20% tariff on China, would not apply to things like smartphones and other devices with semiconductors. Then the President came out a couple days later and said, No, that’s wrong. They’re going to get the tariffs, but maybe in a month or two. So we don’t know where this is going, but what we do know is that there is a base 20% tariff which has been imposed. I forget the wording because China is allowing fentanyl to get into United States, whatever. So you don’t have to worry about your 145% tariff on your iPhone yet, but you will have to worry about a 20% tariff. My bet is that Apple will not apply that tariff in the US, that they will eat it from their profit margin or subsidize it from the profit margin around the world. But these tariff discussions have led several websites to publish articles about buying refurbished devices, and we wanted to briefly talk about that, right?
Josh Long 8:42
I saw a video on CNET’s channel talking about how you should buy refurbish tech to avoid tariffs. And the Verge had an article recently, what you should know before buying refurbished gadgets, which was probably inspired by the tariff discussion and all that.
Kirk McElhearn 8:57
None of the Verge article was originally published in 2020 and they’ve just updated. Ah, interesting. But the point about refurbished devices is that they’re already in the country, so they won’t get hit with the tariff.
Josh Long 9:08
There’s a couple of things that we should probably talk about here. So one thing is, as you’ve heard us talk about before on the podcast, you should be careful about buying a device that might be a little bit on the older end of things for a variety of reasons. One, you may not really be getting a good deal, especially if you’re buying from some place, like, for example, Amazon, maybe even eBay. It doesn’t matter where you’re getting it. The reality is that if you’re buying a device that’s more than a year old, you should be expecting to pay a certain amount less for that device if you expect to be able to use it for multiple years. So think about it this way, assume that you can probably get, let’s say, roughly five or six years out of a particular device from the time that it’s new right before Apple two. Cuts it off from getting the latest iOS updates. So based on that, you should probably figure that well, if I’m buying a device that’s one or two generations old, I should probably expect to pay a little bit less. You might be actually paying more for it. It’s not very common that you’ll really get that big of a discount, but that’s how I like to think of it, at least in ballpark terms of how much you should probably be paying for device if you’re planning on using it for that full five or six years, whatever the rest of its lifespan is.
Kirk McElhearn 10:33
Apple generally applies a 15% discount to refurbish devices. This varies on the device and the age of the device. Now we looked on Apple’s websites in the US, the only refurbished iPhones. They have our iPhone 14 models in the UK, they have 1314, and 15. So you have older devices, which are actually cheaper. You can buy an iPhone 13 with 128 gigs of storage for 419 pounds. Now it launched at 499 so you’re saving a little bit more than 15% but still, that’s pretty cheap, 419 pounds, and you know, it’s the iPhone 13, that much worse than the iPhone 16. I wouldn’t you know, it’s hard to compare, but if you’re in the US and you want a refurbish device, you’re limited right now to the iPhone 14, but you can, of course, buy refurbish devices from other companies.
Josh Long 11:22
My advice is just be careful, especially if you’re buying from a third party, right? If you’re buying it from and sold by Amazon, that’s a different story from buying from a third party seller on Amazon, for example. Also, if you’re buying something on eBay, well, you have no idea really anything about that seller, other than what their their feedback profile indicates, right about whether they’re a reliable seller or not, you really need to be careful. If you’re buying refurbish from Apple, you’re gonna get a meager discount. I would say, I personally wouldn’t buy an iPhone 13 for that kind of price. That’s to me, that’s way too close to the original price point for a device that’s already a few years old.
Kirk McElhearn 12:04
But you get an Apple guarantee. You can also get an iPhone 13 mini if you want a small phone. But all the models here that have 512, gigabyte storage, so that puts them up to 639 pounds. Although the original price was 979 you’re saving 340 you’re saving almost a third off the price. If you really want a small iPhone, it’s the last mini. But again, be aware that there are risks that your device won’t last as long. It won’t support updates to iOS for as long as a newer device. But if you really did a new phone, think about getting a refurb. We’ll see what happens with the tariffs, whether Apple applies them. I think some companies are starting to talk about applying tariffs. Others are pulling their products completely from the US so they don’t have to worry about tariffs. And we’re going to have some articles on the Intego Mac security blog about Android phones coming up soon. And Josh noticed an interesting article about Chinese Android phones that are shipped with fake WhatsApp and telegram apps targeting crypto users. You got to be careful if you buy an Android phone, like buy it from a good company, don’t buy some cheap knockoff just because it’s cheap.
Josh Long 13:09
I figured this would be good to talk about in the context of buying a cheap phone, right? If you’re looking at getting a refurbished phone, you might also be looking at maybe getting an Android phone, and you definitely want to make sure that you’re getting one from a reliable, trusted brand. So like, get a an actual official Google phone, or get a Samsung phone, or one of these other big name brands you don’t want to get, probably something like Shoji, for example, which uses similar names to the popular brands like s 23 Ultra, s 24 Ultra, that sounds very much like a Samsung phone, but at the same time, these Shoji brand, as just one example, might be pre installing some malware. It’s something you really need to be careful about. This is malware that masquerades as WhatsApp or telegram and they actually contain cryptocurrency, what’s called clipper functionality. And they’ve been doing this apparently, since as early as June 2024, it’s been discovered. So this is something you really want to be very careful about. My recommendation again, just just stick to the reliable brands. Don’t go for a cheap model, just because you can get it for a lot cheaper than the name brands. Go with a name brand if you’re gonna get an Android phone.
Kirk McElhearn 14:29
End even some of the name brands sell cheap phones. Google doesn’t have real entry level phones. I believe it the their latest pixel nine a starts at $500 or 500 pounds. But I think Samsung has a bunch of phones that are under $200 so you don’t have you can still buy cheap and get a decent brand. Okay, we’re going to take a break. When we come back, we’re going to talk about scams and privacy stories and more.
Voice Over 14:54
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 16:05
I don’t know how many times we have talked about problems with Chrome extensions, but we have an article from Ars Technica saying, researcher uncovers dozens of sketchy Chrome extensions with 4 million installs 4 million. All right, let’s be fair. Chrome is the most widely used browser, so these are dozens of extensions that are hosted in Google’s Chrome Web Store.
Josh Long 16:27
Yeah, so this is something that I we’ve talked about a lot. Again, you need to be careful about any extensions that you’re choosing to install in your browser. My general advice is, don’t install any extensions in your browser unless you know you absolutely need it, or you know for sure that you can trust the developer of that extension. And this is a good example of why many of the extensions in this list sound pretty reasonable. They sound like they might even protect your privacy, but at the same time, they they ask for a lot of permissions that they really shouldn’t and they have access to things like, for example, your cookies. Well, we’ve talked many times about how your cookies can be used to essentially authenticate you to websites. So once you enter your username and password and you put in your second factor credential, now you’re logged into the website, and you stay logged in through cookies. And what many of these extensions have the ability to do is read all of your cookies, which is very concerning, to say the least. Now, the researcher who reported on all of these different extensions has said that he has not yet observed any of these extensions, exfiltrating your cookies, but it’s still something you should be concerned about. Again, just avoid installing third party extensions unless you really, really know that you can trust the developer and you really, really need it.
Kirk McElhearn 17:55
It’s interesting to note the difference between Safari Extensions and Chrome extensions. You can download a Chrome extension from any website, right? You don’t really need to even go to the Chrome Web Store, Safari Extensions, since was it this year or last year, have to be bundled in apps. So if you want to install an extension, the app may be nothing but a wrapper for the extension, but you may have apps that have extensions in them that you don’t even realize. So I’m just looking at my Safari Extensions, and there are some that I have definitely chosen to install on my devices. But there is a one password extension, for example. Now one password used to allow you to download that separately, but you have to have the app to be able to use the extension day one, which is a journaling app. It has an extension Mars edit, which I use for blogging, has an extension and obsidian, which I use for taking notes, as an extension. So you may have a lot of extensions that show up in Safari if you go to settings, extensions that are disabled, right? You have to manually enable them, but you may have a lot of extensions on your device that you don’t even realize Chrome is different because it’s an intentional process to download extensions. In any case, you should probably avoid most extensions. Can we think that extensions in Apple apps are safer than Chrome extensions because they’re part of a bigger app.
Josh Long 19:17
I guess, to the degree that you trust anything that shows up in the Apple App Store, right? Which, again, we know that we’ve seen some really sketchy apps show up in the app store from time to time. So I would say it depends. But if it comes from, again, from a trustworthy developer, for if it’s a developer that you’ve used their app for many, many years, they have a good reputation, then it’s probably an extension that you don’t need to worry too much about.
Kirk McElhearn 19:46
Okay, so Josh found a report from Google, which he is you got kind of irate reading this. Basically it says, Google our 2024, ads safety report. Blah blah blah blah blah AI blah blah blah blah blah blah is. That what it said, Josh?
Josh Long 20:02
More or less. Okay, so you’ve heard me rant before about Google ads and how this is a very common infection vector. Not only do malware developers distribute malware and get it out to people by buying up ads that look very much like legitimate ads from these companies, they’ll create websites that look exactly like the original website of a legitimate company and try to deceive people, and they frequently somehow get past all of Google’s safeguards that they theoretically have in place to prevent this sort of thing from happening, we’ve been seeing this happen for years. Literally years, malware has frequently been distributed through these malicious Google ads. Yes, but Josh AI, yeah, right. So this is what Google says they they title this blog post which links to their full PDF report, which is really not all that much more detailed than the blog post, but they say our 2024 ad safety report shows how we use AI to safeguard customers. They say for years, we’ve deployed our most advanced technologies to safeguard our ads platform from bad actors. For years, interesting that so much malware comes from Google ads then, and they say in 2024 we launched over 50 enhancements to our LLMs, which enabled more efficient and precise enforcement at scale. Whoa, really. That sounds impressive, but it’s actually not. These updates sped up complex investigations, helping us identify bad actors and fraud signals like illegitimate payment information during account setup. This kept billions of policy violating ads from ever showing to a consumer, while ensuring legitimate businesses can show ads to customers faster. This sounds so impressive, right? Like you would think after reading a report like this that Google is doing everything within its power to to protect people and keep them safe, and there must never be any malicious ads, right? Surely, they say they were able to permanently suspend more than 700,000 offending advertiser accounts. Well, permanently. Yes, permanently,
Kirk McElhearn 22:20
So they can’t come back. Well, yes, different with a different name and email address, etc.
Josh Long 22:27
Yeah, that’s the only thing is, of course, the bad guys are probably using automated methods to create accounts in the first place, and so they don’t care that any of these 700,000 accounts are permanently suspended, because they will just automatically generate another account but, but Google says this led to a 90% drop in reports of this kind of scam ad last year. Okay, so here’s the problem with that self reported, and the other thing is this doesn’t this just mean that the bad guys are either creating more legitimate looking scam sites, and so therefore users aren’t realizing they’re getting scammed and therefore reporting these to Google, or they’re just so jaded at this point that they’re like, Oh, this is a scam page. Like, what else is new? We see these on Google all the time, and they just have stopped reporting them. So like this. These are numbers that mean absolutely nothing. And of course, you know, that’s why I got a little bit irate reading this.
Kirk McElhearn 23:31
Okay. Speaking of scams, our producer, Doug got a scam just before we started recording DMV. Final reminder payment required. Now 699 he’s got to pay $6.99 by tomorrow, April 17. This is a scam we’ve been reporting on for months that comes in through iMessage, and it has a URL that says, Please reply. Why? Then exit the text and reopen to activate the link. It’s this is so widespread all around the world. In the US, it was easy pass, and now it’s DMV. Over here in the UK, it’s generally delivery services. It could be Royal Mail or the post office and others. But as you were saying, people were jaded by these scams, so maybe they’re not even bothering to report these or mark them as spam in iMessages anymore. They’re just deleting them because a lot of people know about them. On the other hand, a lot of people don’t. If this is your first time hearing about it and you see one of these, delete it immediately. You don’t owe anyone money, especially not the DMV.
Josh Long 24:24
One thing that, to me is a little bit amusing about this particular scam text message is that even though it says DMV right at the beginning, the URL that they’re using is easy drive Ma, they’re implying that this is one of the Massachusetts toll websites, even though, of course, it’s it has nothing to do with either one, the DMV or the Massachusetts toll website.
Kirk McElhearn 24:48
It’s also worth pointing out that the domain is not just easy drive Ma. It’s easy drive ma.com. Dash, e, i, T, C, Z, dot, top. And we talked about these top level domains. The top level domain is the letters after the final dot, and here there’s a slash, pay. So .com .co.uk. fr .org those are top level domains. So you look at this URL and you see the.com part, then you see the hyphen and the rest of it. And you might think it’s this whatever.com, but it’s really easy drive ma.com, EITC, z dot top. So always look at the last letters before a slash or the last letters in the URL to know what the top level domain is.
Josh Long 25:34
A lot of these phishing sites will use something like com, hyphen, something dot top, dot CFD, or any of these other random top level domains. But that hyphen is deceptive, right? Because you see the something.com at the beginning, and don’t realize that that hyphen means that it’s not really something.com it’s com, hyphen, something dot, whatever the top level domain is, so it’s, it’s extremely deceptive. And they continue to use these because it’s, it’s effective.
Kirk McElhearn 26:07
Okay, I’m trying to picture 20 years ago in 2005 I think I was using one of those white plastic 17 inch I max. And around that time the Chrome browser had a browser history privacy risk. This was 2005 20 years ago that they finally just fixed with Chrome version 136, right?
Josh Long 26:27
So this version of Chrome that’s about to be deployed to everybody later this month is going to be chrome 136 and it finally fixes this, so called privacy risk. Okay, so here’s, here’s what this is. You’ve all seen this before, where, when you click on a link on a lot of different websites, the link will change color to indicate that you visited that link previously. Well, what malicious or sketchy sites have been able to determine whether a site that you have visited is one that you visited just by looking at the color difference of the links that they embed in this page.
Kirk McElhearn 27:06
So the basic link is blue, and if you visited, it shows up as purple.
Josh Long 27:10
So there’s behind the scenes, there’s a visited tag, and so this could be used by somebody to determine what sites you’ve been to which could violate your privacy. So the way that Google is handling this, starting with Chrome version 136, again, coming out later this month, they’re going to start limiting this to sites within the same domain. So if, for example, you’re on a particular blog, and you click on links to other articles on that blog, you may still be able to see that those other links on the same blog were visited, but the website now will no longer be able to tell that you visited google.com or Microsoft or Apple.com or whatever.
Kirk McElhearn 27:58
Okay, before we finish, we just want to mention that while we were recording, Apple released the dot 4.1, versions of its operating systems, and they’ve already released details about the security fixes. Josh, one minute, tell us what’s going on here.
Josh Long 28:13
Okay, this is important, so you want to make sure to install these patches very quickly. This is so far they’ve released updates for Mac OS, Sequoia, 15 point 4.1 and iOS and iPad OS 18 point 4.1 and both of these address two actively exploited vulnerabilities that have so these are vulnerabilities have been seen in the wild. Both of these vulnerabilities are cases where somebody can craft a malicious file, and these vulnerabilities, it says, have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Even though it’s against iOS, these vulnerabilities are also exploitable on Mac OS as well. So you want to make sure to install the patches for Mac OS Sequoia, if you have a Mac as well.
Kirk McElhearn 29:06
Didn’t the last security update also talk about an extremely sophisticated attack against specific targeted individuals.
Josh Long 29:15
Well, the round of 131vulnerabilities that were just patched in Sequoia that there weren’t any actively exploited vulnerabilities there, but in the previous smaller update, there were some vulnerabilities that had been exploited against iOS users way back in like 17.2 right?
Kirk McElhearn 29:31
That’s the one that was a couple years old. Yeah. Okay, right, right. Okay, so that’s enough for this week. But if we have more information about these updates, we’ll mention them on next week’s episode. Until next week, Josh, stay secure.
Josh Long 29:43
Alright. Stay secure.
Voice Over 29:46
Thanks for listening to the Intego Mac podcast. The voice of Mac security with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode be sure to follow us in Apple podcasts or subscribe in your favorite podcast app, and if you can leave a rating, a like or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.
