WWDC: 18+ ways Apple plans to make you more secure

Vision Pro, Apple Silicon, Macs, new enterprise tools — and privacy protection were all among the many WWDC announcements Apple made this week.

Introducing these protections, Craig Federighi, Apple’s senior vice president for  software engineering said: “We are focused on keeping our users in the driver’s seat when it comes to their data by continuing to provide industry-leading privacy features and the best data security in the world.

One key set of protections has been improved. While it has implications for anyone who might be a victim, Lockdown Mode is designed to protect high-value targets such as journalists, human rights campaigners, business people, or even politicians. Apple is enhancing this protection in several ways:

In addition, Lockdown Mode now extends to the Apple Watch, closing another avenue for compromise.

Apple hasn’t shared more granular information yet, but given the security environment is febrile and even mid-ranking business executives need to protect themselves and their data, any improvement is welcome.

Another potential safety tool for frequent travelers, Check In lets you automatically let selected people and family members know when you reach your destination safely. The system is intelligent enough to note if you’ve been delayed on your journey and will check in with you. If you do not respond, it will share your location, battery level, cellular service status, and the last time you actively used your iPhone with selected contacts.

You can now share, add, and edit passwords across groups. Intended primarily for families, the idea is that everyone in the group can use the same accounts for some services, such as Instacart. The sharing takes place using iCloud Keychain and is end-to-end encrypted. This kind of sharing means IT can now deploy passcodes and passkeys automatically to managed devices.

If you use enterprise services, you may be pleased that one-time verification codes received in Mail will now automatically autofill in Safari.

Apple introduced a host of additional services and protections for managed devices. You can review most of them here, but three highlights for enterprise IT include:

All Apple platforms will benefit from a new feature called Link Tracking Protection. This is automatically activated in Mail, Messages, and Safari in Private Browsing mode and aims to bolster privacy. It does so by automatically identifying and then removing any user-identifiable tracking data from link URLs. The idea is that tracking code is removed but the link remains viable.

Some ads and analytics firms use link tracking to get data on user habits. However, not every use of such information is bad, which is why Apple is offering Private Click Measurement. This lets advertisers track ad campaign conversions, but not at the cost of user privacy.

If you use Safari’s private browsing mode,  Apple now makes it possible to lock any windows open in that mode with Face/Touch ID and your passcode. It means no one but you should be able to enter your Safari private browsing window, even when you step away from your device.

The new Photos picker will let you select specific images you are happy to share with apps. The idea is that you share the images you’re comfortable sharing, but others are not made available. Apps will need specific and explained permission to access your entire library and the system will periodically remind you of those choices so you can review and revoke that permission.

US businesses will be able to accept IDs in Apple Wallet. A young-looking person may want to purchase alcohol and the business may need to check their age. To do so, both parties hold their iPhones alongside each other, and the business will be able to see the ID info they require.

Apple now shares more information about the privacy/data practices of SDKs used in apps. Available as Privacy manifests, these summarize privacy practices of any third-party code running in the app. That info can then also be included within App Privacy Nutrition Labels on the App Store, giving customers greater insight.

Relevant to Privacy Manifests, Apple confirmed plans to publish a list of privacy eroding Software Development Kits (SDKs) at some point in 2023.

Two critical App Store protections have been introduced. While these don’t have a direct impact on privacy, they may have indirect effects:

Apple’s (now improved) Communication Safety systems can identify video as well as still images that may contain nudity. A new API lets developers integrate Communication Safety in apps. The tools also now work with AirDrop, a FaceTime video message, and when using the Phone app to receive a Contact Poster and the Photos picker to choose content to send.

These protections have also been extended to adults, who can enable a Sensitive Content Warning in Privacy & Security settings. They will then be protected against unwanted exposure to adult content. Apple insists that all image and video processing for the system takes place on the device.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

http://www.computerworld.com/category/security/index.rss