User profile for user: Justin Perth
Justin Perth Author
User level: Level 1
30 points

How to report and assess potential sandboxing circumvention of Apple Music's library on iPhone?

Who/ how do I report the breaking of a browser's sandboxing which resulted in accessing Apple Music's Media Library being accessed per Apple iPhone's App Privacy Report?


My iPhone was using a VPN with Airplane mode active and Apple Music not being open.


How do I determine if any information (and if so what information) has been accessed that is stored on my iPhone from a website?


Before one of the regular commentators jumps in with the all too familiar statements that an Apple iPhone can't have it's app's sandbox defeated, I recommend that they look at Apple's own security CVE statements on iOS updates relating to broken sandbox security patches.


I want to know what methods Apple iPhone owners have to analyse and assess potential circumvention of their device's security and ascertain what data, files, and information might have been accessed.



[Re-Titled by Moderator]

Original Title: Potential sandboxing circumvention

iPhone 12 Pro Max, iOS 26

Posted on Dec 6, 2025 6:50 AM

Reply
4 replies
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
144,821 points

Dec 6, 2025 8:44 AM in response to Justin Perth

Some entity using a sandbox quirk or a sandbox bypass for user tracking would not surprise.


A web browser that has permissions or provisions for access into Apple Music would also not surprise.


Which web browser?


Is that web browser shown in Settings > Privacy & Security > Media & Apple Music > [details]?


As for your question, here is how to: Report a security or privacy vulnerability - Apple Support


I’d not expect an Apple Store to be looking at analytics, telemetry, or details secondary to an privacy report.


Unless using the VPN to connect directly into an associated network or unless you or an associate are running the VPN server yourself, too many of the third-party add-on VPN providers are privacy and security problematic.


Airplane mode is not obviously relevant.


A discussion of performing forensics and of rummaging info.plist and related including the app activity privacy report is going to be a little involved for a forum discussion, though the app and access details posted in this thread are currently also somewhat lacking too.


Reply
User profile for user: Mac Jim ID
Mac Jim ID
User level: Level 9
59,288 points

Dec 6, 2025 8:11 AM in response to Justin Perth

Post screenshots if you wish as long as they do not contain any personal information to visualize what you are seeing. If you need help understanding the App Privacy Report, you can do that here, contact Apple directly, and even report a privacy vulnerability here.

Report a security or privacy vulnerability - Apple Support


A VPN is actually making your device less secure and Airplane mode is irrelevant when it comes to any data be sent over the internet being intercepted by the VPN provider. It is not a sandbox vulnerability you need to be concerned about there, it is the data that you are inadvertently sending to them. Their security claims are nothing more than a marketing ploy just like Antivirus software that claims to scan your iPhone for viruses. The only purpose is for a "tunnel" to a work/school environment where it is their IT department that provides the access settings to use. A user thinking they are securing their device with a VPN is being mislead and vulnerable.


Reply

How to report and assess potential sandboxing circumvention of Apple Music's library on iPhone?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up