Cursor iOS App Switches Users to Less Private Mode Without Consent

Cursor iOS App Switches Users to Less Private Mode Without Consent

Installing Cursor on iOS silently downgrades privacy protection

Key takeaway: When a user installs the Cursor iOS app and logs in, the service automatically switches the account from the strict "Privacy Mode (Legacy)" (which guarantees no code is stored) to a newer, less restrictive privacy mode, and the legacy option disappears from the UI permanently.


Background on Cursor's privacy modes

  • Privacy Mode (Legacy): The original setting, explicitly labeled "Do not store my code," ensures that none of a user's code is persisted on Cursor's servers.
  • Current Privacy Mode: Introduced later, this mode includes a clause allowing code to be stored for "Background Agents or Other Features," making it ambiguous what data may be retained.
  • The legacy mode was re‑classified as "Legacy" and hidden under an "Extra options" submenu, while the newer mode became the default visible option.

What happened during the iOS installation

  1. The user installed the Cursor iOS application and logged in.
  2. Upon first launch, the app displayed a prompt to enable "Cloud Agents."
  3. Accepting this prompt triggered an automatic switch from the legacy mode to the current privacy mode.
  4. The legacy option vanished from all account settings menus, leaving no in‑app way to revert.

"When you set up the mobile app, the prompt to turn on Cloud Agents switched you from Privacy Mode (Legacy) to our current Privacy Mode, without making clear what that meant or that it's hard to undo. That wasn't right, and we're working on making that prompt clearer."

Support response and limitations

  • Cursor's support acknowledged the issue, apologizing for the lack of clarity.
  • They confirmed that the account cannot be switched back to the legacy mode via the app, stating: "I’m not able to switch your account back to Privacy Mode (Legacy). The option to move back isn’t available in the app today."
  • No alternative method (e.g., web dashboard) was offered to restore the legacy setting.

Why this matters for users and developers

  • Unexpected data retention: Users who rely on the guarantee that no code is stored may suddenly have their code cached on Cursor's servers, potentially exposing proprietary or sensitive material.
  • Consent and transparency: The automatic switch occurs without explicit user consent or clear disclosure, raising legal and ethical concerns about privacy policy compliance.
  • Irreversible UI changes: Removing the legacy option from the UI makes it impossible for affected users to revert, effectively locking them into a less private configuration.

Recommendations for affected users

  • Avoid installing the iOS app if maintaining the strict no‑storage guarantee is critical.
  • Contact support to request a manual rollback, though the current response indicates this may not be possible.
  • Monitor Cursor's updates for any changes to the onboarding flow or the re‑introduction of the legacy option.
  • Consider alternative tools for code editing on iOS that provide explicit, reversible privacy controls.

This post summarizes the original Hacker News ask and the official support reply. No additional comments were available at the time of writing.

Sources