    iOS Live Activities and ActivityKit privacy

    A 2026 view of an iOS Live Activity showing non-sensitive status on the lock screen visible without authentication, with remote updates handled like push notification content

    Live Activities, built with ActivityKit, put real-time information on the lock screen and Dynamic Island, a delivery on its way, a game score, a ride approaching, updating live without the user opening the app. It is a great surface, and that is exactly the privacy consideration: a Live Activity is displayed on the lock screen, visible to anyone who can see the device, without the user being authenticated. Whatever you put in it is on show. They are also often updated by remote push, which makes the update channel part of the picture. Here is what Live Activities expose and how to use them without leaking sensitive data.

    Short answer

    Live Activities, created with ActivityKit, display live-updating content on the iOS lock screen and Dynamic Island. Per Apple, because that content appears on the lock screen, it is visible without the device being authenticated, so a Live Activity must not contain sensitive information that should not be seen by anyone glancing at the device. Live Activities can also be updated remotely through push, so the update payload should be treated like other push content: do not send secrets in it, and protect the push token. The guidance is to show only non-sensitive, minimal content in a Live Activity, treat its remote updates with the same care as push notifications, and assume anything in it is publicly visible on the lock screen.

    What you should know

    • Live Activities show content on the lock screen and the Dynamic Island.
    • The lock screen is visible without authentication: anyone can see it.
    • So the content must be non-sensitive: assume it is publicly visible.
    • They can update via remote push: treat the payload like push content.
    • Minimize what a Live Activity displays: only what the glanceable purpose needs.

    What are Live Activities, and what is the exposure?

    They are a glanceable, live-updating UI shown outside your app, on the lock screen and Dynamic Island. With ActivityKit you start a Live Activity to represent something ongoing, an order, a trip, a match, and it displays current information that updates over its lifetime, either from your app or via remote push, so the user sees progress without opening the app. The exposure follows directly from where it appears: the lock screen is shown whenever the device is present, and crucially it is visible without the user authenticating, so anyone who can see the device, the owner or someone nearby, can read a Live Activity on it. That makes a Live Activity effectively a public display for the duration it is active. The Dynamic Island is similarly on-screen while the app is active in it. So the content you choose for a Live Activity is content you are choosing to show on an unauthenticated surface, which is the heart of the privacy consideration.

    Where is data exposed?

    On the display surfaces and through the update channel. The table lists them.

    Surface or path           Exposure
    Lock screen               Live Activity content visible without authentication
    Dynamic Island            Content shown while active on supported devices
    Remote push updates       The update payload carries the displayed content
    Push token                The token used to deliver Live Activity updates
    Persistence while active  Content remains visible for the activity's lifetime

    The primary exposure is the lock screen: a Live Activity's content sits there, readable by anyone who can see the device, for as long as the activity is active, with no authentication gate, so sensitive details placed in it are on display. The Dynamic Island shows content too while the activity is active on supported devices. The update path adds another consideration: Live Activities are frequently updated by remote push, and that push payload contains the content to display, so it should be handled with the same care as any push notification, not carrying secrets and delivered through the proper push service, with the push token protected. Because a Live Activity persists visibly for its lifetime rather than flashing briefly, whatever it shows is exposed for the whole duration, which makes minimizing the content all the more important.

    How do you use Live Activities safely?

    Show only non-sensitive, minimal content, and treat updates like push. Decide what goes into a Live Activity on the assumption that it is publicly visible on the lock screen, and keep sensitive information out of it entirely. Status, progress, and other glanceable, non-sensitive details are appropriate; account details, personal data, financial figures, or anything a user would not want a bystander to see are not. Show the minimum the glanceable purpose needs, rather than enriching the activity with data that does not need to be there. For remote updates, treat the push payload like other push content: do not include secrets, deliver it through the proper push channel, and protect the push token used for Live Activity updates as you would any token. Remember that the content is exposed for the activity's whole lifetime, so end or update activities promptly as the underlying state changes. The principle is that a Live Activity is a public, unauthenticated display, so populate it only with information that is safe for anyone glancing at the device to see, and handle its remote updates with push-notification care.
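    The following Swift sketch is an added example, not code from the original article or from PTKD: a delivery Live Activity whose attributes and content state carry only glanceable fields, started with a push token that is forwarded to a hypothetical backend over HTTPS, and ended once the delivery completes so stale content does not linger on the lock screen. `Backend`, its URL and `registerLiveActivityToken` are assumptions for illustration.

```swift
import ActivityKit
import Foundation

// Both the fixed attributes and the content state are rendered on the lock screen,
// so neither holds customer name, address, payment details or order total.
struct DeliveryAttributes: ActivityAttributes {
    struct ContentState: Codable, Hashable {
        var status: String      // e.g. "Preparing", "On the way", "Delivered"
        var etaMinutes: Int
    }
    var orderReference: String  // short, non-identifying reference such as "#1234"
}

enum Backend {
    // Hypothetical endpoint: the push token is a credential for updating this
    // lock-screen surface, so it travels in a TLS-protected body, never in a URL or log.
    static func registerLiveActivityToken(_ token: String, for orderReference: String) async {
        var request = URLRequest(url: URL(string: "https://api.example.com/live-activity-tokens")!)
        request.httpMethod = "POST"
        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
        request.httpBody = try? JSONEncoder().encode(["token": token, "orderReference": orderReference])
        _ = try? await URLSession.shared.data(for: request)
    }
}

enum LiveActivityManager {
    /// Starts a push-updatable Live Activity and forwards its token to the backend.
    /// The backend later sends APNs pushes (apns-push-type: liveactivity) whose
    /// aps.content-state carries only the two ContentState fields above.
    static func startDelivery(orderReference: String) throws -> Activity<DeliveryAttributes>? {
        guard ActivityAuthorizationInfo().areActivitiesEnabled else { return nil }
        let attributes = DeliveryAttributes(orderReference: orderReference)
        let initial = DeliveryAttributes.ContentState(status: "Preparing", etaMinutes: 25)
        // staleDate marks the content as outdated if no update arrives within an hour.
        let content = ActivityContent(state: initial, staleDate: Date().addingTimeInterval(60 * 60))
        let activity = try Activity.request(attributes: attributes, content: content, pushType: .token)
        Task {
            for await tokenData in activity.pushTokenUpdates {
                let token = tokenData.map { String(format: "%02x", $0) }.joined()
                await Backend.registerLiveActivityToken(token, for: orderReference)
            }
        }
        return activity
    }

    /// Ends the activity when the delivery is done; the final state stays briefly, then dismisses.
    static func finish(_ activity: Activity<DeliveryAttributes>) async {
        let final = DeliveryAttributes.ContentState(status: "Delivered", etaMinutes: 0)
        await activity.end(ActivityContent(state: final, staleDate: nil),
                           dismissalPolicy: .after(Date().addingTimeInterval(15 * 60)))
    }
}
```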

    What to watch out for

    The first trap is putting sensitive information in a Live Activity, which then sits on the unauthenticated lock screen visible to anyone near the device; keep the content non-sensitive. The second is treating the remote update payload casually, when it carries the displayed content and should be handled like push notification content, without secrets. The third is over-populating the activity with data its glanceable purpose does not need. Live Activity content and updates are defined in your app and backend, so a pre-submission scan such as PTKD.com (https://ptkd.com), which reads the compiled IPA against OWASP MASVS, assesses your app's data handling and push usage, while deciding what is safe to display is yours to implement.

    What to take away

    • Live Activities, built with ActivityKit, display live content on the lock screen and Dynamic Island, surfaces visible without the device being authenticated.
    • Because the content is effectively publicly visible for the activity's lifetime, keep sensitive information out of a Live Activity and show only minimal, glanceable, non-sensitive details.
    • Treat remote update payloads like push notification content, without secrets and through the proper channel, and protect the push token.
    • Use a pre-submission scan such as PTKD.com to assess your app's data handling and push usage, and decide Live Activity content on the assumption it is publicly visible.

    Tags: #ios, #live-activities, #activitykit, #lock-screen, #privacy, #push, #app-security

    Frequently asked questions

    What are Live Activities?
    Live Activities, built with ActivityKit, are a glanceable, live-updating UI shown outside your app, on the lock screen and Dynamic Island. You start one to represent something ongoing, like an order, a trip, or a match, and it displays current information that updates over its lifetime, from your app or via remote push, so the user sees progress without opening the app. The benefit is timely, at-a-glance information, but because the lock screen is involved, the content is shown on a surface visible without the user authenticating, which is the key privacy consideration.
    Why is Live Activity content a privacy concern?
    Because it appears on the lock screen, which is visible whenever the device is present and, crucially, without the user authenticating, so anyone who can see the device, the owner or a bystander, can read a Live Activity on it. That makes a Live Activity effectively a public display for as long as it is active, and since it persists visibly for the activity's lifetime rather than flashing briefly, whatever it shows is exposed the whole time. So sensitive details placed in a Live Activity are on show to anyone near the device, which is why the content must be non-sensitive.
    What content is safe to show in a Live Activity?
    Non-sensitive, glanceable details: status, progress, a score, an estimated time, the kind of information that is fine for anyone near the device to see. What is not safe is account details, personal data, financial figures, or anything a user would not want a bystander glancing at their locked phone to read. Decide the content on the assumption that it is publicly visible on the lock screen, and show only the minimum the glanceable purpose needs rather than enriching the activity with data that does not have to be there.
    How should I handle Live Activity remote updates?
    Like push notification content, because that is essentially what they are. Live Activities are frequently updated by remote push, and the push payload contains the content to display, so do not include secrets in it, deliver it through the proper push service, and protect the push token used for Live Activity updates as you would any token. The same care you apply to ordinary push notification payloads applies here, with the added point that the delivered content lands on the unauthenticated lock screen, so it must also be non-sensitive.
    Can a scan check Live Activity privacy?
    The decision of what content is safe to display on the lock screen is a design choice you make, since only you know which of your data is sensitive. A pre-submission scan such as PTKD.com reads the compiled IPA against OWASP MASVS and assesses your app's data handling and push usage, which is the broader surface Live Activity content and its remote updates belong to. That helps you confirm your push and data handling are sound, while the specific practice of keeping Live Activity content non-sensitive and minimal is implemented in your app and backend.
