Forum Discussion
JutManGraham
Mar 04, 2024Brass Contributor
Apple Journaling - Discoverable By Others on by default
Has anyone in their security department approached someone about disabling this feature. I am in the Health Care field, and they are requesting I lock this down. Overall, this should not be an is...
SebastiaanSmits
Mar 05, 2024Steel Contributor
I searched Apple for a restriction but nothing indeed: https://support.apple.com/en-gb/guide/deployment/depc0aadd3fe/web (see table of content > MDM Settings).
For now you can block the Journal app by the following way:
Profile Type : Settings Catalog > in Configuration Settings > search for "Blocked App Bundle IDs" and select this configuration. You can find all the system app bundle id's here: https://support.apple.com/en-gb/guide/deployment/depece748c41/web Journal's bundel id is com.apple.journal fill that in as 'blocked bundle id'. Assign this configuration to the device.
------
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
JutManGraham
Mar 05, 2024Brass Contributor
SebastiaanSmits The journaling application is already hidden.
Regardless that the Journaling application is hidden, the Discoverable By Others is ON by default and you can still turn on journaling suggestions.
- SebastiaanSmitsMar 06, 2024Steel Contributor
This feature is not really as Privacy or Security invasive as commonly thought (is not really for me to decide ofcourse) but not sure your company is assessing this fairly, as of Apple's own writing here:
"Nearby People
Journaling Suggestions may also use contextual information to determine which suggestions may be more meaningful or relevant to you. Journaling Suggestions uses Bluetooth to detect the number of devices and contacts around you without storing which of these specific contacts were around. This information is used to improve and prioritize your suggestions. It is stored on device, and is not shared with Apple. You can choose not to allow Journaling Suggestions to use the number of devices and contacts around you to prioritize your suggestions by going to Settings > Privacy & Security > Journaling Suggestions, then tapping to turn off Prefer Suggestions with Others.
You can also control whether your contacts include you in their number of nearby contacts by going to Settings > Privacy & Security > Journaling Suggestions, then tapping to turn off Discoverable by Others. If you disable Discoverable by Others and choose not to be included in your contacts’ counts, Prefer Suggestions with Others will also be disabled and Journaling Suggestions will not detect how many devices and contacts are around you to improve or prioritize your suggestions."
The Discoverable part is only for the device suggestion algorithm, to improve the 'raw' contact details and other privacy related parts are not visible to Apple or the user.
See another resource: https://www.tomsguide.com/phones/iphones/no-the-ios-17-journal-app-isnt-a-privacy-risk-what-you-need-to-know
- JutManGrahamMar 06, 2024Brass Contributor
I have read both articles, my issue is with
If you disable Discoverable by Others and choose not to be included in your contacts’ counts, Prefer Suggestions with Others will also be disabled and Journaling Suggestions will not detect how many devices and contacts are around you to improve or prioritize your suggestions."
Be default, the devices are reaching out to other devices. That to me is THE issue. Enabling something that connects to other device in any way by default without me intentionally enabling it. Opens up potential avenues for exploitation as well, again BY DEFAULT.
- SebastiaanSmitsMar 06, 2024Steel ContributorHi,
Agreed, to a certain extent - there are a lot of calls that a iOS device makes over the internet and also locally - for example the find my capabilities, and not all do we enable explicitly. But the main point is, I guess, that the way Apple describes this they do not see this as a Privacy or Security issue. Not sure but that might be the reason there is no MDM setting to disable it.