Junk email automatically previewed - any risk? (iPadOS)
Hi all,
As I tried to delete a junk email, I noticed that the email automatically previewed (iPadOS Mail App). Does this pose any threat to my device?
Many thanks.
iPad (6th gen) WiFi
Apple Intelligence is now available on iPhone, iPad, and Mac!
Hi all,
As I tried to delete a junk email, I noticed that the email automatically previewed (iPadOS Mail App). Does this pose any threat to my device?
Many thanks.
iPad (6th gen) WiFi
Yes - and no...
Before proceeding, it is worthwhile to state that iOS/iPadOS, if not jailbroken, is not susceptible to malware infection in the traditional sense per-se - but, in common with all computing systems, is vulnerable to many other threats and threat actors. Immunity from threat is a myth - falsely perpetuated.
As to your question...
Many email messages contain images - some visible, some not. These images may be used to
The best defence is to “harden” your iPad. Doing so will allow you to review email content - without automatically downloading or triggering embedded content.
To “harden” the iPad and its desired behaviour it is necessary to change/set some settings for various App elements in iPadOS.
1) In iPad Settings, disable Automatic loading of remote images:
Settings > Mail > Load Remote Images - set to OFF
2a) Open the Mail App. From the sidebar, open an email that contains an embedded web-link to a safe/trusted website.
2b) From the main message pane, long-touch the embedded link to a web-age; a preview window will open.
2c) At the top of the preview window, tap Hide Preview (this inhibits loading of image elements); selecting Show Preview reverses this setting such that the preview will download potentially malicious content. This setting is “sticky”.
3) Install and configure a good quality Content Locker; highly recommend for iOS/iPadOS/macOS is 1Blocker for Safari:
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
The full benefits of installing a comprehensive Content blocker - that processes locally on the iPad without reliance upon an external proxy - is beyond the immediate scope of this reply.
4) Change your DNS server settings to use a high security Recursive DNS provider. Quad9 is highly recommended:
Quad9
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2
Cloudflare+APNIC
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Items (1) and (2) are essential hardening settings. If you concerned about email threat, these should be considered as a minimum.
Item (3) I strongly recommend for its depth of protection in defending against browser-based attacks - but comes with a small cost. Item (4) comes at no cost and adds protection against a multitude of internet threats; (3) and (4) provide complementary “defence in depth”.
Implementing all four measures provides considerable protection from a high proportion of internet threats to which your iPad (and other computing devices) are exposed.
I hope this information and guidance is helpful to you - resolving any concerns you may have.
Yes - and no...
Before proceeding, it is worthwhile to state that iOS/iPadOS, if not jailbroken, is not susceptible to malware infection in the traditional sense per-se - but, in common with all computing systems, is vulnerable to many other threats and threat actors. Immunity from threat is a myth - falsely perpetuated.
As to your question...
Many email messages contain images - some visible, some not. These images may be used to
The best defence is to “harden” your iPad. Doing so will allow you to review email content - without automatically downloading or triggering embedded content.
To “harden” the iPad and its desired behaviour it is necessary to change/set some settings for various App elements in iPadOS.
1) In iPad Settings, disable Automatic loading of remote images:
Settings > Mail > Load Remote Images - set to OFF
2a) Open the Mail App. From the sidebar, open an email that contains an embedded web-link to a safe/trusted website.
2b) From the main message pane, long-touch the embedded link to a web-age; a preview window will open.
2c) At the top of the preview window, tap Hide Preview (this inhibits loading of image elements); selecting Show Preview reverses this setting such that the preview will download potentially malicious content. This setting is “sticky”.
3) Install and configure a good quality Content Locker; highly recommend for iOS/iPadOS/macOS is 1Blocker for Safari:
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
The full benefits of installing a comprehensive Content blocker - that processes locally on the iPad without reliance upon an external proxy - is beyond the immediate scope of this reply.
4) Change your DNS server settings to use a high security Recursive DNS provider. Quad9 is highly recommended:
Quad9
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2
Cloudflare+APNIC
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Items (1) and (2) are essential hardening settings. If you concerned about email threat, these should be considered as a minimum.
Item (3) I strongly recommend for its depth of protection in defending against browser-based attacks - but comes with a small cost. Item (4) comes at no cost and adds protection against a multitude of internet threats; (3) and (4) provide complementary “defence in depth”.
Implementing all four measures provides considerable protection from a high proportion of internet threats to which your iPad (and other computing devices) are exposed.
I hope this information and guidance is helpful to you - resolving any concerns you may have.
If you are worried about the installation of a virus, or malware, read the responses listed in: https://discussions.apple.com/search?page=1&q=ipad%20virus&content=filterDiscussions&community=2039020&time=year
No.
LotusPilot wrote:
I hope this information and guidance is helpful to you...
Very thorough response...it was helpful to me!
Thanks for the reply. Could you please elaborate on why it is not a cause of concern?
Ferd II wrote:
Very thorough response...it was helpful to me!
🙂 My pleasure.
Hopefully also of interest to anyone that has true interest in their security - and that of their device and data...
Junk email automatically previewed - any risk? (iPadOS)