Mar 04 2024 08:06 AM
Has anyone in their security department approached someone about disabling this feature? I am in the Health Care field, and they are requesting I lock this down.
Overall, this should not be an issue with just Discoverable By Others on by default which would only show the phone exists. This will be a problem IF a curious colleague manually turns on the Journaling Suggestions feature which would allow others to possibly see the Contacts on the phone and other information. This feature seems rather invasive when turned on without someone really reviewing what the settings will truly do.
I reviewed the Intune standard policies as well as the newer settings catalog settings and could not locate anything to remotely disable journaling. The only recourse may be to reach out to Apple and push for a restriction to lock down the Journaling feature from being enabled as well as the Discoverable By Others Option.
Mar 04 2024 09:59 PM
I searched Apple for a restriction but nothing indeed: https://support.apple.com/en-gb/guide/deployment/depc0aadd3fe/web (see table of contents > MDM Settings).
For now you can block the Journal app in the following way:
Profile Type: Settings Catalog > in Configuration Settings > search for "Blocked App Bundle IDs" and select this configuration. You can find all the system app bundle IDs here: https://support.apple.com/en-gb/guide/deployment/depece748c41/web. Journal's bundle ID is com.apple.journal; fill that in as 'blocked bundle id'. Assign this configuration to the device.
Mar 05 2024 06:48 AM
@SebastiaanSmits The journaling application is already hidden.
Regardless of the Journaling application being hidden, Discoverable By Others is ON by default and you can still turn on journaling suggestions.
Mar 06 2024 03:09 AM
This feature is not really as Privacy or Security invasive as commonly thought (it is not really for me to decide, of course), but I am not sure your company is assessing this fairly, as of Apple's own writing here:
"Nearby People
Journaling Suggestions may also use contextual information to determine which suggestions may be more meaningful or relevant to you. Journaling Suggestions uses Bluetooth to detect the number of devices and contacts around you without storing which of these specific contacts were around. This information is used to improve and prioritize your suggestions. It is stored on device, and is not shared with Apple. You can choose not to allow Journaling Suggestions to use the number of devices and contacts around you to prioritize your suggestions by going to Settings > Privacy & Security > Journaling Suggestions, then tapping to turn off Prefer Suggestions with Others.
You can also control whether your contacts include you in their number of nearby contacts by going to Settings > Privacy & Security > Journaling Suggestions, then tapping to turn off Discoverable by Others. If you disable Discoverable by Others and choose not to be included in your contacts’ counts, Prefer Suggestions with Others will also be disabled and Journaling Suggestions will not detect how many devices and contacts are around you to improve or prioritize your suggestions."
The Discoverable part is only for the device suggestion algorithm, to improve the 'raw' contact details and other privacy related parts are not visible to Apple or the user.
See another resource: https://www.tomsguide.com/phones/iphones/no-the-ios-17-journal-app-isnt-a-privacy-risk-what-you-need...
Mar 06 2024 05:57 AM
I have read both articles; my issue is with:
"If you disable Discoverable by Others and choose not to be included in your contacts’ counts, Prefer Suggestions with Others will also be disabled and Journaling Suggestions will not detect how many devices and contacts are around you to improve or prioritize your suggestions."
By default, the devices are reaching out to other devices. That to me is THE issue. Enabling something that connects to other devices in any way by default, without me intentionally enabling it, opens up potential avenues for exploitation as well, again BY DEFAULT.
Mar 06 2024 06:27 AM