How Apple locates internal leak sources

Just now, just before WWDC23, there are again many rumors and supposed leaks about new operating systems and devices from Apple. The last person who should be happy about this piece of information is the iPhone manufacturer itself. And so it is not surprising that several measures are used to locate the personal sources of leaks and rumors. From different document versions to different fonts to hidden watermarks, a lot is tried. Below you will find a summary of known and suspected procedures. There is also information on how some media deal with leaked information in order to protect their sources.

The introduction of new Apple devices, operating systems and services benefits from a certain element of surprise. This is lost if leaks have made all information public. You can read how Apple is doing this here.
The introduction of new Apple devices, operating systems and services benefits from a certain element of surprise. This is lost if leaks have made all information public. You can read how Apple is doing this here.

Hardly any innovations: Why does Apple want to keep new things secret?

Apple likes to take familiar concepts and adapt them to fit into its own ecosystem. Perhaps an interesting innovation will be interspersed here and there. But neither the iPad, nor the Apple Watch, nor the HomePod were anything fundamentally new when they were first introduced. However, many improvements to the concept of the tablet, the smartwatch and the smart speaker have led to Apple fans being won over. 

And part of that persuasion is an element of surprise. This was mainly built on under Steve Jobs, like the presentations of the iMac G3, first iPhones, MacBook Air and so on. Due to leaks and rumours, hardly anything can be presented as a surprising "One More Thing". And that's why Apple is taking action against such efforts. Sometimes more noticeable, sometimes very subtle.

Invisible watermarks on product and prototype images

Sketches, technical drawings, 3D models and similar illustrations are needed to plan new devices internally, discuss them, turn them into prototypes and develop them further. These can easily penetrate to the outside. Digital images can easily be copied or forwarded. Printed images or existing prototypes can be photographed and shared with the public. To prevent this from happening, Apple uses subtle means to help track down a leaking person. For example, “invisible watermarks” can be used on digital images, CAD graphics, and so on. 

This isn't just specific metadata to track back, but slightly different colors and color combinations. For example, a small portion of an all-black area with color code #000000 could be tinted with the subtly lighter color code #070707. If this image then appears on a website, Apple can see which part is colored differently and identify the person(s) to whom the graphic was given internally. In addition to the deep black, on which grayer areas are more noticeable, the color changes can of course also affect any other color. This is no longer noticeable in color gradients.

Slightly modified details in documents or on images

If there are internal presentations of new Apple devices or systems, then various media are used - data sheets, images and videos. All of them can be modified in one detail or another. For example, the design team could receive a data sheet that has one or two incorrect cellular bands noted. The Siri team could get incorrect information about the camera (ƒ/1.8 aperture instead of ƒ/1.9 aperture for the new iPhone's TrueDepth camera, for example) and so on. Colors, prices, release dates and more will also be changed. If this information comes to light, it can be traced from which department it was taken.

In addition to the image material modified as described above, internal video material can also be used and, if necessary, routed to the outside. Various options for tracking leaks can be used here. Video and image files can have slightly different names ( instead of, for example). Depending on the department or individual, the video material can also be cut differently, one or two seconds longer or shorter or equipped with slight graphic errors. “Invisible watermarks” are also used here.

Document serial numbers are likely linked to employee numbers

In addition to the subtle adjustments to the material that are not recognizable without a direct comparison, internally shared information is also directly marked with certain identifiers. For example, video material created for internal use only gets a watermark. It is assumed here that the material ID so included is associated with the persons and groups for which the video is intended. So if a copy with a visible ID appears in the public domain, it can be traced back to specific teams and employees.

Fonts and formatting on internal documents and memos

Whether it's a device data sheet, planning a new online service or the list of devices compatible with a new OS - this information can be shared internally via email, printed documents, memos and so on. In order to determine who leaked a screenshot, copy or photo of it to the public, these documents may have been adapted accordingly. For fonts with serifs, the same can be shortened or lengthened for individual letters - depending on the font and size, a single pixel is enough. Completely different fonts can also be selected for different departments or people.

It is also not uncommon for certain information to be formatted randomly and independently of the information. For example, the following sentence could be found in a text: The neue iPhone 15 Pro appears youThat ones year two wkchen after regularlyren iPhone 15. Although this is comparatively noticeable, it means that leaks require an intermediate step: copying the information. They cannot simply be photographed or shared via screenshot. And if you simply copy and paste it somewhere without formatting, you will be reminded that there can also be deviations in content.

Deviating sentence structure and punctuation as measures against leaks

While random formatting of the text or formatting adapted to specific people or groups is a direct reminder that the data provided is only intended for internal use, there are also text designs that do not show this directly. So if entire sentences from internal documents are published, Apple may be able to match them based on their wording or the punctuation marks used. The following three sentences say the same thing, but could be assigned to different personal sources due to their formulation:

  • The new iPhone 15 Pro arrives two weeks after the regular iPhone 15 this year.
  • The new iPhone 15 Pro arrives two weeks later this year (than the regular iPhone 15).
  • The new iPhone 15 Pro arrives 2 weeks later than the regular iPhone 15 this year!

Multi-stage search for leak sources at Apple

It is assumed that leak sources at Apple are identified in a multi-stage process. So if it is discovered that leaks come from a specific department or from a specific team, then the sub-groups there are given information again. If any of these are published, the subgroup can be identified and supplied with individually deviating memos or data sheets. Now, on the basis of the information that is urgently needed for the public, it can be determined which individual has taken them away.

Evidence for this approach from "Analyst941"

Here at Sir Apfelot we have reported on and off the leaks and rumors coming from the Twitter profile over the last few weeks and months @analyst941 went out. The person behind it was also active on the MacRumors forum and other platforms. However, it has been communicated via several sources that the individual accounts will be deleted (and have since been deleted) because the source of the leak (apparently the sister of "Analyst941") was identified and fired by Apple. 

One of the last rumors shared by Analyst941 was that the two pro apps Final Cut Pro and Logic Pro to be released for the iPad in 2024 and 2025. But like us recently know, the two will Apps already released for iPadOS this year - even on May 23, 2023. Whether it was really intentional false information that was communicated internally to the leak source, or whether Analyst941 just shared some rumors and then deleted the accounts because the Infos were obviously wrong, can not be said. 

How media deal with leaks to protect their sources

The Apple leak tracking details shown here are mainly from 9to5Mac sources (here and here). It also shows how the magazine itself proceeds when it receives material from internal Apple sources. For example, image material is not taken over one-to-one, but recreated with our own creations. The same perspectives and colors are not used. Text material is also not taken over in the original, but formulated differently. There isn't much you can do with technical data, other than maybe comparing it to other sources (if you have them).

My tips & tricks about technology & Apple

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.