SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Apple unveils new and updated privacy and security features
Wed, 7th Jun 2023

Apple has announced its latest privacy and security innovations, including significant updates to safari private browsing, communication safety, lockdown mode, and app privacy improvements. In addition, Apple introduced new features designed with privacy and security at their core, including check-in, NameDrop, and live voicemail. 

“Privacy is designed into every new Apple product and feature from the beginning,” says Craig Federighi, senior vice president of software engineering at Apple. “We are focused on keeping our users in the driver’s seat when it comes to their data by continuing to provide industry-leading privacy features and the best data security in the world. This approach is evident in a number of features on our platforms, like the major updates to safari private browsing, as well as the expansion of lockdown mode.”

“Safari introduced private browsing years before any other browser. This year, a significant update provides even greater protection against trackers as users browse the web and from people who might have access to their device. Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or identify a user’s device. Private browsing now locks when not in use, allowing a user to keep tabs open even when stepping away from the device,” says the company. 

A new embedded photos picker can help users share specific photos with apps while keeping the rest of their library private. When apps ask to access the user’s entire photo library, the user will be shown more information about what they’ll be sharing, along with occasional reminders of their choice.

Some websites add extra information to their URLs to track users across other websites. Now this information will be removed from the links users share in messages and mail, and the links will still work as expected. This information will also be removed from links in Safari private browsing.

New tools give developers more information about the data practices of third-party software development kits (SDKs) they use in their apps, allowing them to provide even more accurate privacy nutrition labels. These changes also improve the integrity of the software supply chain by supporting signatures for third-party SDKs to add another layer of protection against abuse.

Communication safety, designed to warn children when receiving or sending photos in messages that contain nudity, now covers video content in addition to still images. 

A new API lets developers integrate communication safety right into their apps. In addition, the feature will now help keep kids safe when they're sending and receiving an AirDrop or a FaceTime video message and when using the phone app to receive a contact poster and the photos picker to choose content to send. All image and video processing for communication safety occurs on the device, meaning neither Apple nor any third party gets access to the content. These warnings will be turned on for the child's accounts in their family sharing plan and can be disabled by the parent.

Sensitive content warning helps adult users avoid seeing unwanted nude images and videos when receiving them in messages, an AirDrop, a FaceTime video message, and the Phone app when receiving a contact poster, all using the same privacy-preserving technology at the core of communication safety. The feature is optional and can be turned on by the user in privacy and security settings. As with communication safety, all image and video processing for sensitive content warnings occurs on the device, meaning neither Apple nor any third party gets access to the content.

“For easier and more secure password and passkey sharing, users can create a group to share a set of passwords, and everyone in the group can add and edit passwords to keep them up to date. Since sharing is through iCloud keychain, it is end-to-end encrypted. Additionally, one-time verification codes received in mail will now automatically autofill in Safari, making it easy to securely log in without leaving the browser,” informs the company. 

Lockdown mode expands to provide even more protections for those who may be targeted by mercenary spyware because of who they are or what they do. New protections encompass safer wireless connectivity defaults, media handling, media sharing defaults, sandboxing, and network security optimisations. 

Turning on lockdown mode further hardens device defences and strictly limits certain functionalities, sharply reducing the attack surface for those who need additional protections. Additionally, Lockdown Mode will be supported on watchOS.

Check-in makes it easy for users to let friends or family members know they've reached their destination safely. Once turned on by the user, check-in automatically detects when the user has reached their intended destination and will inform selected contacts via messages. 

“In the case that something unexpected happens while the user is on their way, check in will recognise that the user is not making progress toward their declared destination and check in with them. If they don’t respond, the feature will share useful information, like the user’s precise location, battery level, cell service status, and the last active time using their iPhone, with the contacts the user selected,” says the company. 

In addition to making it easier to get help if needed, check-in is designed around privacy and security, keeping the user in control by letting them choose whom to share their information with, including the destination and time duration that they set. Users can end the check-in session at any time. Information sent with check-in is end-to-end encrypted so only the user's family member or friend can read it, not Apple or anyone else.

With NameDrop, a new AirDrop experience, a user can hold their iPhone near another to share their contact information with only their intended recipients. Users can also choose the specific contact details they want to share and, importantly, what information they don’t want to share. Users can also share content like photos or links the same way. 

Apple Watch users can also use NameDrop by tapping the share button in my card in the contacts app or by tapping my card watch face complication and then bringing the Apple Watch face to face with someone else's Apple Watch. As with all AirDrop experiences, these new features securely share content over an encrypted connection.

“Live voicemail makes it easier to know when to answer a phone call. When someone calls and starts to leave a message, users will see a live transcription as the caller speaks. If the user wants to talk to the caller, they can pick up the call at any time. When silence unknown callers is turned on, calls from unknown numbers will go directly to live voicemail without ringing. Calls identified as spam by carriers won’t appear as live voicemail, and will instead be instantly declined. This gives the user more peace of mind that spam, scams, or calls that may be invasive of privacy, can be ignored without missing important calls. Thanks to the power of the neural engine, live voicemail occurs entirely on device, and this information is not shared with Apple,” says the company.

“The above features will be coming in free software updates this U.S. spring,” it concludes.