Date: 2025-09-25 22:22 UTC
Researcher: Joseph Goydish II
At 22:22 UTC, Apple’s system service (api.smoot.apple.com), which delivers:
- Safari → autofill top-level domain lists
- Spotlight → search dictionaries and sources
- Maps → context-specific whitelist rules
was observed resolving to Amazon AWS infrastructure (AS16509) instead of Apple’s own network (AS714).
This raises questions about Apple’s public privacy claim that such system data “never leaves Apple servers or goes to third parties.”
DNS resolution chain at the time of observation:
api.smoot.apple.com → CNAME bag-smoot.v.aaplimg.com
bag-smoot.v.aaplimg.com → 3.139.131.151 (Amazon AWS, AS16509)
cdn.smoot.apple.com → 17.253.x.x (Apple, AS714)
Delegation:
smoot.apple.com → a.ns.apple.com (Apple authoritative NS)
Reproduce with:
dig +trace smoot.apple.com
dig +short api.smoot.apple.com @8.8.8.8
whois 3.139.131.151 | egrep -i 'OrgName|origin|AS'The smoot.apple.com service provides the signed configuration data (“bags”) that shape how Apple’s apps behave.
At the time of observation, this traffic terminated on Amazon AWS servers — a third party — not exclusively on Apple’s infrastructure.
This appears inconsistent with Apple’s privacy statement that such system data “never leaves Apple servers or goes to third parties.”
The unresolved question: Where is this data going once it reaches AWS, and how is it being handled outside Apple’s network?