WatchWitch: Interoperability, Privacy, and Autonomy for the Apple Watch
Authors: Nils Rollshausen (Secure Mobile Networking Lab, Technical University of Darmstadt), Alexander Heinrich (Secure Mobile Networking Lab, Technical University of Darmstadt), Matthias Hollick (Secure Mobile Networking Lab, Technical University of Darmstadt), Jiska Classen (Hasso Plattner Institute, University of Potsdam)
Volume: 2025
Issue: 4
Pages: 94–111
DOI: https://doi.org/10.56553/popets-2025-0121
Abstract: Smartwatches such as the Apple Watch collect vast amounts of intimate health and fitness data as we wear them. Users have little choice regarding how this data is processed: The Apple Watch can only be used with Apple's iPhones, using their software and their cloud services. We are the first to publicly reverse-engineer the watch's wireless protocols, which led to discovering multiple security issues in Apple's proprietary implementation. With WatchWitch, our custom Android reimplementation, we break out of Apple's walled garden, demonstrating practical interoperability with enhanced privacy controls and data autonomy. We thus pave the way for more consumer choice in the smartwatch ecosystem, offering users more control over their devices.
Keywords: Wearables, Apple Watch, Privacy, Reverse Engineering
Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
