You are not imagining things. The Apple Podcasts app sometimes opens on its own and loads shows you never subscribed to. This strange behavior keeps appearing across devices, and it often points you to religious, spiritual, or educational programs you did not choose. While the issue does not signal immediate danger, it still deserves attention because it breaks user trust and control.
At least one of these auto-opened shows even carried a suspicious link. That link attempted a known attack method called cross-site scripting, or XSS. Although this type of attack feels dated, it still poses a risk when bad actors exploit weak points in app behavior.
Why does this keep happening
According to 404 Media, the problem comes from how Apple Podcasts handles external links. You do not need to tap anything. Simply visiting certain websites can trigger the app to launch and load a podcast chosen by an attacker. This makes the situation more unsettling because it removes user intent from the process.
Security expert Patrick Wardle explained that similar behavior occurs when just loading a webpage. As a result, Podcasts open without approval or warning. Unlike other apps that request permission before launching, this one skips that step. Therefore, it creates an opening for manipulation, even if no major harm has surfaced yet.
Meanwhile, 404 Media also observed that some of these rogue shows date back to 2019. A few episodes stay silent, while others use foreign languages. Over time, Apple added filters and safeguards, yet attackers keep finding creative ways around them. Apple has not responded to repeated requests for comment on this issue.
For now, you should stay aware. If Apple Podcasts opens on its own, close it and review any unfamiliar subscriptions. This behavior should not feel normal, and Apple needs to address it directly.
