If you have an iPhone or iPad, Apple's Siri voice assistant will read the lock screen notifications for applications, even when you've turned off the previews of the content they contain, and without making sure it's you. This does not work for iMessages and SMS texts; Siri always asks you to unlock your device before reading aloud what those messages contain. However, for other applications such as third-party email applications, Facebook Messenger, Slack and many more, Siri will simply release details about the notification without verifying if it is the right person requesting your listening.
Mac Magazine discovered the unfortunate supervision, and 9to5Mac also reported on it. According to reports, the problem is still present in the beta versions of iOS 11.3. It is not immediately clear if the lack of consistency is an error or, instead, only a strange design flaw or limitation of the API that affects third-party applications.
Even if the lock screen previews are disabled, Siri will still read the content in notifications aloud from third-party email and messaging applications.
Anyway, it's probably not something that most users are aware of, and the discovery could be particularly worrisome for iPhone X owners. By default, Apple's flagship smartphone is set to hide previews from the lock screen; they appear as soon as Face ID has successfully identified it, but otherwise they will not be shown to other people who operate their smartphone. It is a wall of excellent and immediate privacy, but this weakness Siri easily avoids.
Apple's own software remains relatively blocked. Saying things like "Read my last email" and "Read my last note" lead Siri to insist that she unlock her phone before the voice assistant can comply with the request as she associates the questions with the Apple software. But if you use an alternative email application such as Gmail, Siri will include those in the notifications that you are willing to read. The sender, the subject and the first lines of a message are all included in the reading. There is a big difference when it comes to how protective Siri is of them.
This is not a case where Siri recognizes a user's voice before speaking. You do not need to say "Hey Siri" to ask for notifications. All you need to do is press and hold the start button (or the side button in the case of the iPhone X). I used a generic female text-to-speech bot voice to say "Read my notifications" and Siri did just that, throwing a direct message from Slack and a Facebook Messenger message to everyone who was within earshot.
Until Apple rectifies this, it can prevent any possible privacy intrusion by disabling screen lock notifications for sensitive applications. As far as I can tell, as long as they do not appear on the lock screen, Siri will say that you have no new notifications and will ignore the ones that arrive in the background. You can leave notifications enabled elsewhere for you to see after you have unlocked the phone and the notification tray has gone down.