Apple Journaling - Discoverable By Others on by default

Brass Contributor

Has anyone in their security department approached someone about disabling this feature. I am in the Health Care field, and they are requesting I lock this down.

 

Overall, this should not be an issue with just Discoverable By Others on by default which would only show the phone exists.  This will be a problem IF a curious colleague manually turns on the Journaling Suggestions feature which would allow others to possibly see the Contacts on the phone and other information.  This feature seems rather invasive when turned on without someone really reviewing what the settings will truly do.

 

I reviewed the Intune standard policies as well as the newer settings catalog settings and could not locate anything to remotely disable journaling.  The only recourse may be to reach out to Apple and push for a restriction to lock down the Journaling feature from being enabled and well as the Discoverable By Others Option. 

6 Replies

@JutManGraham 

 

I searched Apple for a restriction but nothing indeed: https://support.apple.com/en-gb/guide/deployment/depc0aadd3fe/web (see table of content > MDM Settings). 

 

For now you can block the Journal app by the following way:

Profile Type : Settings Catalog > in Configuration Settings > search for "Blocked App Bundle IDs" and select this configuration. You can find all the system app bundle id's here: https://support.apple.com/en-gb/guide/deployment/depece748c41/web Journal's bundel id is com.apple.journal fill that in as 'blocked bundle id'. Assign this configuration to the device.

 

------

Please click Mark as Best Response & Like if my post helped you to solve your issue.

This will help others to find the correct solution easily. It also closes the item.

If the post was useful in other ways, please consider giving it Like.

@SebastiaanSmits The journaling application is already hidden. 

 

Regardless that the Journaling application is hidden, the Discoverable By Others is ON by default and you can still turn on journaling suggestions.

@JutManGraham 

 

This feature is not really as Privacy or Security invasive as commonly thought (is not really for me to decide ofcourse) but not sure your company is assessing this fairly, as of Apple's own writing here:

https://www.apple.com/legal/privacy/data/en/journaling-suggestions/#:~:text=It%20is%20stored%20on%20...

 

 

"Nearby People

Journaling Suggestions may also use contextual information to determine which suggestions may be more meaningful or relevant to you. Journaling Suggestions uses Bluetooth to detect the number of devices and contacts around you without storing which of these specific contacts were around. This information is used to improve and prioritize your suggestions. It is stored on device, and is not shared with Apple. You can choose not to allow Journaling Suggestions to use the number of devices and contacts around you to prioritize your suggestions by going to Settings > Privacy & Security > Journaling Suggestions, then tapping to turn off Prefer Suggestions with Others.

You can also control whether your contacts include you in their number of nearby contacts by going to Settings > Privacy & Security > Journaling Suggestions, then tapping to turn off Discoverable by Others. If you disable Discoverable by Others and choose not to be included in your contacts’ counts, Prefer Suggestions with Others will also be disabled and Journaling Suggestions will not detect how many devices and contacts are around you to improve or prioritize your suggestions."

 

 

The Discoverable part is only for the device suggestion algorithm, to improve the 'raw' contact details and other privacy related parts are not visible to Apple or the user.

 

See another resource:  https://www.tomsguide.com/phones/iphones/no-the-ios-17-journal-app-isnt-a-privacy-risk-what-you-need...

I have read both articles, my issue is with 

 

If you disable Discoverable by Others and choose not to be included in your contacts’ counts, Prefer Suggestions with Others will also be disabled and Journaling Suggestions will not detect how many devices and contacts are around you to improve or prioritize your suggestions."

 

Be default, the devices are reaching out to other devices.  That to me is THE issue.  Enabling something that connects to other device in any way by default without me intentionally enabling it.  Opens up potential avenues for exploitation as well, again BY DEFAULT.

Hi,

Agreed, to a certain extent - there are a lot of calls that a iOS device makes over the internet and also locally - for example the find my capabilities, and not all do we enable explicitly. But the main point is, I guess, that the way Apple describes this they do not see this as a Privacy or Security issue. Not sure but that might be the reason there is no MDM setting to disable it.