Skipping over spyware concerns, Apple boasts ‘built-in privacy’
The US tech giant announced some of the new privacy features on its latest version of iOS. Even though Apple did not address pressing security concerns, experts applaud the expansion of privacy-aimed tools.
Apple announced that “with iPhone and iOS, privacy is built-in from the beginning” during the introduction of its latest smartphone. The company seemed confident with its ‘built-in’ approach since discussing privacy took a mere fraction of the time spent discussing the camera.
Apple will release the new privacy features together with the iOS 15. This means that owners of all devices that are compatible with the new operating system will benefit from the update, not only those trying to get ahold of the latest iPhone.
The latest iOS version will be equipped with on-device voice recognition, meaning that Siri requests will not leave the device to be processed. Another feature - intelligent tracking prevention - blocks trackers from profiling users by using their IP address.
The company’s silence is an indicator that there might not be tangible solutions on the table just yet, and there are some things it’s still working out before making public statements on these issues,Eric McGee.
Lastly, Apple introduced an email privacy protection feature that hides the device’s IP address, preventing anyone from gaining insights into the sender’s mail activity.
According to Mykola Srebniuk, the head of information security at MacPaw, Apple is adding new tools to the mix with the introduction of intelligent tracking prevention and mail privacy protection.
“The new Apple cache service, for example, ‘sanitizes’ images users get via email from tracking pixels, and stores them in the Apple Privacy cache. All further interactions with images will be done exclusively from the Apple Privacy cache,” Srebniuk wrote CyberNews in an email.
Experts we’ve talked to agree that with the rollout of iOS 15, Apple will lead the industry in terms of privacy protection, with other major players such as Facebook and Google lagging behind.
According to Eric McGee, a senior network engineer at TRGDatacenters, privacy upgrades for the new iOS are significant since they make it harder for marketers and governments to track iPhone users.
“These features are highly significant because they provide the user with the power to control their own privacy, an element that was non-existent before,” McGee explains.
Apple has already restricted the use of third-party cookies and introduced Privacy Nutrition Labels that disclose an app’s data collection practices, a move that has troubled Facebook and other makers of data-hungry apps.
Wendell Lansford, a co-founder of privacy-first firm Wyng, thinks decisions like that show Apple’s dedication to privacy, forcing competitors to either follow suit or risk being seen as dismissive of user privacy.
“Armed with features like Hide My Email, a growing number of consumers will simply block communications from brands that send irrelevant or unwanted email. For brands and marketers, the writing is on the wall: it’s time to embrace the “privacy-first” era,” Lansford wrote in an email.
None of the features announced on Tuesday, however, are entirely new. In June, Apple already discussed the identical additions to the upcoming iOS update during the Worldwide Developers Conference (WWDC).
One of the much-anticipated add-ons to Apple services is the Private Relay, which should soon enter beta for iCloud and iCloud+ users.
The feature will allow separating an IP address from a DNS query, meaning that web pages visited by a user won’t see their actual IP address. At the same time, an internet service provider (ISP) would not know the actual DNS query, which means that the information on what web pages the user had accessed would remain hidden.
For brands and marketers, the writing is on the wall: it’s time to embrace the “privacy-first” era,Wendell Lansford.
“Private Relay automatically assigns an anonymous IP address that maps to the user’s region but not their actual location, and ensures that no single entity can identify both who a user is and which sites they visit,” Lansford told CyberNews.
The feature gets confused with a Virtual private network (VPN). Unlike VPN, Private Relay does not hide the location of the IP address. Private Relay will also use a proxy network, which might hinder user access to websites wary of such activity.
The elephant in the room
One thing that Apple did not talk about during Tuesday’s event was the hard-to-miss elephant in the room, the FORCEDENTRY vulnerability, internet security watchdog group Citizen Lab made public on Monday.
The critical vulnerability (CVE-2021-30860) is dangerous because it requires no user interaction and affects all versions of Apple’s iOS, OSX, and watchOS, except for those updated on August 13 or later. Reacting to the ordeal, Apple released a security fix for various versions of the company’s operating system on the same day.
According to McGee, the silence during the annual event is likely an indicator that Apple is still working on something to address the issues which have plagued the company in recent weeks.
“The company’s silence is an indicator that there might not be tangible solutions on the table just yet, and there are some things it’s still working out before making public statements on these issues,” he told CyberNews.
Even though the update is meant to combat the spread of Child Sexual Abuse Material (CSAM), some accused the company of utopian thinking, with good intentions bound to turn sour eventually.
According to Tamas Kadar, CEO and founder of fraud detection company SEON, it’s somewhat strange that a company that boasts ‘built-in privacy’ left out a feature meant to combat CSAM.
However, industry concerns for potential misuse might have swayed Apple to triple check whether malicious actors won’t be able to exploit the issue.
“It appears the company is still set on rolling this feature out, which would suggest Apple wants to ensure it is working properly and address privacy concerns before launching, to avoid any further backlash,” Kadar wrote CyberNews in an email.
More from CyberNews:
Subscribe to our newsletter