Apple OS Updates and Privacy Implications
Announcements at WWDC 2021
With Apple’s yearly Worldwide Developers Conference wrapped up in mid-June, Apple fans were largely surprised to see that this year’s event had no hardware announcements at all. Usually these conferences are known for being short, snappy, and to the point. Instead, this year Apple hosted a meandering two-hour walkthrough of all the planned updates coming to their suite of iOS, macOS, iPadOS, and watchOS operating systems. The central focus of Apple’s efforts this year are enhancements to privacy and security tools that help users control and monitor exactly what data is being harvested and shared by their apps.
Apple began WWDC 2021 by reiterating their legacy of privacy leadership through continued commitment to expanding privacy and security protocols. They boasted how through introducing features such as App Tracking Transparency and Privacy Nutrition Labels on their App Store, they have helped encourage the entire industry to move forward with pro-consumer security and privacy initiatives.
“Privacy has been central to our work at Apple from the very beginning,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Every year, we push ourselves to develop new technology to help users take more control of their data and make informed decisions about whom they share it with. This year’s updates include innovative features that give users deeper insights and more granular control than ever before.”
Protecting Your Data From Third Parties
A new update to the Mail app introduces Mail Privacy Protection, closing out an exploit that allowed senders from using an invisible pixel that collects data from the receiver. When the email is opened, the receiver’s email client loads a special graphic hidden as an invisible pixel. The receiver can’t see the pixel and has no idea it’s there, but when their computer loads it the sender is able to gather data from them such as when the email was opened, what the user’s IP-address is, and how long the email was opened for, among other things. Apple’s new update blocks the sender from knowing when or if the email was ever opened, and simultaneously masks the receiver’s IP-address so it can’t be linked to their other online activity or used to determine their location.
Apple also announced further updates to its Intelligent Tracking Prevention for Safari. For years ITP has helped shield Safari users from unwanted tracking by using on-device machine learning to block trackers while otherwise allowing websites to function normally. With this year’s update, ITP is getting even stronger by completely shielding the user’s IP-address from trackers altogether. What this means is that trackers will not be able to pinpoint the user’s unique IP-address, track activity across multiple websites and services, and build a general profile about the user’s online interests, activities, and habits.
Monitoring App Privacy
Apple will be introducing a new App Privacy Report when the updates to their OS go live later this year. With the App Privacy Report, users will be able to see exactly which apps are accessing their location, photos, camera, microphone, and contacts list over the past seven days. It shows the exact times the apps accessed each component and provides a way to configure those apps’ settings so they cannot access it again. The App Privacy Report also helps users identify who each app is potentially sharing their information with by listing out all of the third party domains the app is contacting.
Siri Audio Processing On-Device
One of the biggest privacy concerns surrounding voice assistants like Siri is unwanted audio recording. With the deployment of iOS 15, Siri will be able to process significantly more requests on-device. This means an internet connection won’t be required for Siri to perform tasks like launching apps, setting timers or alarms, changing settings, controlling music, and more. On-device audio processing will help to significantly minimize the risk of meddling by any third party.
More Robust Internet Privacy With iCloud+
Among the suite of services receiving upgrades with the launch of Apple’s new operating systems is iCloud. Apple is beefing up their cloud storage service with a whole new set of features called iCloud+. The service will now come packaged with access to a VPN, burner email addresses, and unlimited storage for all HomeKit-enabled residential security cameras. Best of all, the price isn’t increasing with the addition of these upgrades. That means if you are already paying for iCloud, you will automatically receive these new features when the service update rolls out later this year.
Private Relay is a new internet privacy service that will be baked right into iCloud+, allowing users to safely and securely browse the internet in a more protected way. When browsing the internet using Safari, Private Relay will automatically encrypt all data leaving the user’s phone. Not even Apple nor the user’s network provider will be able to access and read it. Private Relay then further splits the user’s data and requests between two separate internet relays. So even if somehow a third party managed to intercept and decrypt the transmission, they would still be missing half of the puzzle.
Perhaps one of the most interesting details of the expanded iCloud+ services is the implementation of temporary burner email addresses. Essentially, the new ‘Hide My Email’ feature allows the user to create a single-use email address that will automatically forward any responses to your actual email inbox. A very useful feature if you want to sign up for a service or create an account somewhere on the internet, but don’t necessarily trust them enough to not spam you with unwanted emails. The feature is built right into Safari, Mail, and iCloud+, and gives users the ability to create and delete as many temporary addresses as they need at any given time. This gives users far greater control over who is able to contact them.
Rounding out the list of upgrades to the iCloud service is the expansion of its built-in support for HomeKit Secure Video. Users will now be able to connect more cameras than ever before, and iCloud+ will provide end-to-end encrypted storage for their home security footage. iCloud+ subscribers will also benefit from HomeKit’s footage not counting towards their storage capacity. Beyond that, activity detected on home security footage captured by HomeKit will automatically be analyzed and encrypted by the user’s Apple devices at home before securely being stored in iCloud+.
Other Useful Features for Developers and Users Alike:
- Share Current Location: With updates to ‘share current location’, users will now be able to share their current location with an app just a single time, without granting developers access to your location after that session. On the developer end, there will be significantly more customization for the share current location button, and it can be integrated directly into their apps.
- Enhanced Photos Limited Library Access: Developers will now be able to offer smart functionality for their apps, even when a user has only granted limited access. Perfect for utilizing specific folders and albums without having access to every photo and video on the user’s phone.
- Secure Paste: With secure paste, developers can let users paste from one app to another without having access to what was copied until the user takes action to paste it into their app. When a developer enables secure paste, users can copy and paste from app to app without being alerted via the pasteboard transparency notification, smoothing out the process and giving peace of mind.
At Lithios we value outside opinions. This blog was written by one of our guest bloggers, Jonathan Baker, with feedback from the Lithios team.