What is "ShortcutsActions" and why is it accessing contacts on my iPhone?

hi all..

i still waiting for this case.. i mean what is "ShortcutsActions" for real.. i just need valid information about that.. is this some abnormal like hack things or just IOS system, for real i never using shortcuts, and jailbreaks my phone, now i have changes four times different icloud,

my device is iphone 11 pro, i have argument about thiss.. is this work for iphone "Pro" series??

so thanks for the attention

regards,

zaki

Hi Mr. Lawrance!

Previously, i would like tobsay thank you for you response and argument, i really appreciate it you have time to response this topic.

actually, i have some trouble because i still cannot find this topic's reply cause yeah, is that look random date i see..

but i get point and read some information in this forum, so shortcuts Actions available on iPhone Xs >> (next iphone series).

and if we have a lot application, the result is more recorded in the "shortCuts Actions" privacy report

is this information right sir? im sorry if my grammar so bad hehehe.. have a nice day sir

regards,

zaki

Yes, iOS apps talk to each other. But Shortcuts doesn’t handle contact data in iOS unless someone specifically created a workflow doing so. And, if the shortcut is legit, you can view and control its data access.

So if the App Privacy Report says an obscured, unactionable workflow is suddenly accessing contact data—for some users only, on devices where it’s not installed, no shortcuts were created, and timestamps can’t be correlated to user actions—that’s the issue.

The report’s there so that, “if an app appears to be accessing your data in a way or at a time that you didn't expect, you can update your privacy settings or revoke permission.”

Shortcutsactions isn’t an app and this can’t be updated, so its inclusion is, at the very least, a bug. Without evidence to the contrary, it might also be malware. 

Automation is inherently risky (Apple’s words, not mine), and they advise to, “review all shortcuts downloaded from the web or shared with you with extra caution to confirm that they function as you expect.”

Just last year, Shortcuts had a critical, zero-click exploit that allowed hackers to access sensitive data.

This also showed up without user interaction; of course people should try and validate that it’s not malicious. That’s not a conspiracy theory, it’s common sense. 

As I’ve explained several times, this will be the last. The Shortcuts app has a large number of built in shortcuts. Many of the need access to contacts.

But the key fact is that ALL OF THESE INTERACTIONS ARE BETWEEN APPS ON YOUR DEVICE, AND NEVER LEAVE THE DEVICE, SO THERE IS NO VULNERABILITY OR SECURITY PROBLEM. What is so hard to understand about this FACT?!

I’m really sick of this thread, and I will stop following it. Have a nice rest of your life.

What steps can be taken to secure a phone/Apple ID if Shortcutsactions is repeatedly accessing contacts but the app is not on the phone (I am fully aware of how to check) and no shortcuts have ever been created?

I’m grateful for everyone supporting the community, but the “that’s not possible / it’s something you did / that’s expected behavior” party lines for all things security-related are unhelpful and, often, demonstrably false.

Shortcuts has already had a high-severity exploit. Concerning issues for multiple users are arising again.

Is there practical advice for confirming a compromise or involving Apple to do so?

That’s not the case for me; for example, today Shortcutsactions accessed my contacts for over a hour while I was asleep.

Regardless, thank you for offering something specific to review. I appreciate it.

If you are using the profile of the cell company you are subscribed to with your Apple email, temporarily deactivate it from your email settings. This has worked for me. And I can't determine if this is normal contact or something bad.

foxowl wrote:

so what’s the reason? Can anyone give an answer?

Anytime you receive a phone call, email, message, a ShortcutsAction will access your Contacts to provide the name in your Contacts instead of the phone number or email address. If there is no name associated, then the action will return nothing to replace the phone number or email address.

That is just one example. There are more, such as Notification from apps that you have given permission to access your Contacts.

Thank you for this that makes sense. But what if you have implicitly not given any app to access your contacts? And the ShortcutsActions app is still doing the same thing? Exactly as described by the OP

Has anyone tried asking apple support? Wonder what they would have to say? I’m guessing it would go to an Apple senior advisor who would have to screen share and pull a diagnostic to get it off to the “engineers” and never hear back from them.

Almost a 1hr call with Apple support they told me “it’s the phone app that uses this shortcut to your contacts to flag spam calls” so I asked if I get a call that is not in my contacts it will be automatically flagged as a spam call? They replied not necessarily and that they couldn’t give a real answer on that” Whiskey Tango Foxtrot

seriously.

Apple support

I would suspect a future software update will eliminate it completely from the Privacy Report, just like it did in the Screen Time report, and the Contacts access will be reported correctly under the Phone app. Every call you get will have to access Contacts to see if there is a name associated with the number, and if so, you will see that name instead. Not sure what they mean to flag spam calls and certainly a call that is not in your contacts will not be automatically flagged as spam. Maybe they are referring to the Silence Unknown Callers features to check if the caller is in your Contacts.

You raised a very good point. But yah Apple support what can I say. They really don’t know much. She did say she checked with an “engineer” so it’s how she interpreted it as flagged. I have noticed it gives time stamps when it accesses your contacts. I can confirm ShortcutsActions access contacts minutes before a call and when a call actually ringing. But only certain calls not all. Pretty weird. Then it continues randomly every hour or so.

foxowl wrote:

Almost a 1hr call with Apple support they told me “it’s the phone app that uses this shortcut to your contacts to flag spam calls” so I asked if I get a call that is not in my contacts it will be automatically flagged as a spam call? They replied not necessarily and that they couldn’t give a real answer on that”

I think either Apple Support was mistaken or there was a miscommunication. My understanding is that the spam flag comes from the carrier.

As far as the shortcuts app, it’s just meant to go with an app so you can have a shortcut to it. Any app that you make a shortcut with will affect certain permissions so if you have a shortcut that is giving you quicker access to your contacts it’ll state the time that the shortcut app accessed your contacts. I am not by all means sure about what I just said at all on how much could be true, but To me that would make sense.