Automatic contact sharing in iOS leaks emails to Lockdown Mode devices

 6 months ago
source link: https://marekfoss.org/2024/03/08/automatic-contact-sharing-in-ios-leaks-emails-to-lockdown-mode-devices/

A few days ago I submitted the following report to Apple:

When other iPhone users attempt to contact an iPhone in Lockdown Mode, for example by calling its number or sending an iMessage, Lockdown Mode exposes the emails of these other users to the iPhone in Lockdown Mode via a push alert on the lock screen titled “Lockdown Mode blocked Name and Photo” with text “[email address] attempted to share their Name and Photo.”

UPDATE: This behaviour is most likely triggered when the calling user adds the receiving number to their contacts. The automatic Name & Photo sharing settings are located in Settings > Phone > Share Name and Photo. However, there is no information there that states email is also shared.

Steps to reproduce

1. Set your iPhone to Lockdown Mode.

2. Get another iPhone with a number not in your contacts to call you; do not pick up.

3. Your iPhone in Lockdown Mode (and all your other iOS/iPadOS devices in Lockdown Mode as well) will receive a push notification on the lock screen titled “Lockdown Mode blocked Name and Photo” with text “[email address] attempted to share their Name and Photo.”

Expected results

Lockdown Mode should not expose email addresses of people who attempt to call you, because they expect that only their phone number is shared.

Actual results

Lockdown Mode exposes email addresses of people who attempt to call you. I assume that these email addresses are their Apple IDs.

Apple response

“Thanks for contacting us. The behavior you reported is expected when using Lockdown Mode.”

Thanks Apple. I think that’s a privacy issue, but ok. Maybe it’s a security issue as well if we consider this a leak of Apple IDs.

Or maybe it’s just an interesting feature. Dear reader, what do you think?

