9+ iOS 12 security improvements you should know about
Credit to Author: Jonny Evans | Date: Tue, 18 Sep 2018 04:03:00 -0700
Apple has shipped iOS 12 and it’s packed with new security improvements and settings every user needs to know about.
Apple has made it much harder for data harvesting companies to exfiltrate your data without you knowing.
Safari in iOS 11 blocked third-party cookies that tracked you across multiple websites, as well as cookies more than 30 days old.
iOS 12 also gives you the option to block social media sharing icons and comment boxes from tracking you. Apple has also made it much harder for fingerprinting technologies to track and identify you by gathering information about your device, such as capacity or installed apps.
You can now disable the Autofill Passwords feature in Passwords and Accounts if you don’t want to make use of this. You can also ask Siri to show you passwords from your iCloud Keychain, though it will first ask you to prove your identity with your device passcode/Touch ID/Face ID.
While it is excellent security practice to install all available software updates (particularly security updates) when they ship, some enterprise IT security policies may demand a slight delay.
If there is no policy against it, every iOS user is better protected by ensuring Automatic Software Updates are enabled (set to Automatic) in Settings>General>Software Update.
I do think some enterprises would find it useful if Apple created a setting to install updates after a specified delay, as this would enable internal approval systems to take place before installation. However, for most users automatic software updates is the way to go.
Not precisely a security feature, but new to iOS 12 and rather useful: Apple has made it possible for iPhones to support Express Card transactions when the device runs out of energy.
This means that when you use your iPhone’s Wallet to carry your transit card or student ID you may still be able to prove who you are even when your iPhone is out of power, which wasn’t possible until now.
“Pressing the side button displays the low battery icon as well as text indicating Express Cards are available to use. The NFC controller performs express card transactions under the same conditions as when iOS is running, except that transactions are indicated with only haptic notification. No visible notification is shown,” Apple states.
Supported iPhones automatically support this feature with a transit card designated as the Express Transit card or student ID cards with Express Mode turned on.
iOS 12 lets users set up a secondary appearance for use with Face ID.
Apple says this is for people who may look dramatically different for some reason (with and without a beard, for example), but many users are likely to use the secondary appearance feature to make it easier to share their iPhone X-series with others.
This may not be the most secure decision.
Apple warns that adding a secondary appearance raises the probability that a random person can unlock your device from 1/1,000,000 to 1/500,000.
(Interestingly, if you have five fingerprints registered with Touch ID that probability rises to 1/10,000, Apple says.)
Announced at WWDC 2018, iOS 12 provides password auditing tools that warn you when you use the same password twice, and help you change them.
You’ll find the tool in Settings>Passwords & Accounts>Website & App Passwords.
This new iOS 12 tool makes it much easier to use two-factor authentication (2FA) on your device. Until now, when you receive a text containing your one-time authentication code you have had to take a look inside Messages for the code, copy and paste or memorize it and then manually enter it into the authentication window of the website, app or service you want to use.
iOS 12’s Security Code Autofill makes this a little easier by automatically recognizing the code and making it possible to enter it inside the relevant window in one tap on the QuickType window.
The convenience should make users more likely to use 2FA, but security experts still warn us to double-check the code before use.
Siri is smart enough to suggest things you might want to do, including providing you with potentially useful Siri Shortcuts. It is important to understand that these suggestions are based on on-device machine learning, which means information about you, your employees or their habits is not shared with Apple in any way that can identify the user.
Apple has said that Siri Shortcuts, which can be set to sync between all devices with the same Apple ID, are protected by anti-malware definitions to prevent people from adding malicious JavaScript to them.
Siri Shortcuts can be shared over iCloud. You can prevent this behaviour in Settings>Shortcuts (on the app list) by setting the toggle to off (white).
This new security feature is designed to prevent third parties from accessing data on iOS devices using USB-based tools that bypass device security. When Apple’s USB Restricted Mode is enabled, no one can use these tools to access your data from one hour after the device was last unlocked by you.
USB Restricted Mode is managed in Settings>Touch ID & Passcode (or Face ID on X-series iPhones); make sure that the USB Accessories setting is set to Off.
Apple has also made it much harder to change a device’s passcode when it is in Device Firmware Update (DFU) mode in iOS 12, though only on A12 processors.
Apple has published an updated security white paper detailing all the different security protections inside iOS 12. It includes details pertaining to all the latest security enhancements, including Siri Suggestions, Siri Shortcuts, the Shortcuts app, Screen Time, Password AutoFill, Student ID cards, and more. The document also confirms that Screen Time data is protected by end-to-end encryption.