Apple busts major iOS 17 leaker with spycraft 'canary trap'

May 11, 2023
213 views

The tipster who went by analyst941 leaked a large number of details about iOS 17, but his or her inside source apparently was caught by Apple in a sting operation. The source has reportedly been fired, and both they and the tipster could face legal action by the iPhone-maker.

It appears that Apple caught the leaker by laying a “canary trap” — a piece of classic spycraft used by intelligence agencies for years.

The rise and fall of an Apple leaker

Apple is notoriously secretive and jealously guards secrets about upcoming products. Leaks spoil Apple’s surprise “one-last-thing” approach to product unveilings, and can give competitors an advantage. To stop secret info from slipping out, Apple silos its employees, giving them information only on a need-to-know basis.

Apple also requires its employees to sign nondisclosure agreements, which forbid the signees from discussing secret projects with unauthorized people. That includes other Apple employees — and most certainly anyone outside the company.

Nevertheless, some people choose to leak information about the projects they are working on. analyst941 had such a source, and was able to reveal numerous details about iOS 17. That includes a promise of significant changes to the Control Center, the detail that Apple Maps Lock Screen directions could get a new look, a new grid-based user interface for working with Lock Screens, revamped UIs for the Wallet and Health apps, and more.

The leaker also said Final Cut Pro would come to iPad in 2024 and Logic Pro for iPad would arrive in 2025. However, these dates were deliberately incorrect, and that was the beginning of the end.

Apple sting catches source of iOS 17 leaks

analyst941 disclosed what happened next in a goodbye message on MacRumors‘ forums, where the anonymous leaker maintained an active presence. The goodbye post has since been deleted, but you can see a screenshot above.

In the post, the leaker said the source inside Apple was his or her sister. Apple reportedly fed the source false release dates for iPad versions of Logic Pro and Final Cut Pro. Other employees received different launch dates. When the tipster published what they had been told, Apple knew the source.

Each individual “who knew about FCP/Logic iPad development was given a unique combination of release dates,” analyst941 wrote. “Unfortunately the combination I shared on Twitter matched the combination given to my sister as the FCP+ Logic timeframe.”

This is called a canary trap, and has been used many times before by companies looking for leakers, as well as by counter-espionage agencies searching for spies.

The term was coined by spy novelist Tom Clancy, and is referred to as the “barium meal test” in spy circles. Tesla CEO Elon Musk reportedly used a canary trap to unsuccessfully search for Tesla leakers in 2008. And a similar scheme was central to the notorious Wagatha Christie case.

It appears to be the first time Apple has used the method to catch a source of internal leaks.

Apple apparently doesn’t plan to stop with firing the inside source of the information. According to analyst941’s post, Apple might take legal action against both the former employee and the tipster.

In addition, the @analyst941 Twitter account that hosted the iOS 17 images made from leaked information has been deleted.

Source: Cult of Mac