Perhaps the biggest takeaway from Apple's announcements at the WWDC 2019 keynote in San Jose on Monday and everything else that has come to light since is that Apple is not backing away from its commitment to privacy anytime soon. If anything, with the latest announcements, the Cupertino-based company is doubling down on using security and privacy as a differentiator by introducing a slew of privacy-centric features aimed at controlling the information apps, websites, and service providers can collect. This comes at a time when privacy — or rather the lack of it — has become the talk of the town in the tech industry.
In March 2018, reports surfaced claiming a data-mining firm called Cambridge Analytica had acquired sensitive data harvested from more than 50 million Facebook users to support Donald Trump's 2016 presidential election campaign. This was a watershed moment — a slap across the face so as to speak — which woke people up to the privacy nightmare that is today's highly connected digital world.
Smartphones are conduits of extremely sensitive data and are intrinsically linked with almost every aspect of our life. You are the product and your data is an extremely valuable commodity. Google and Facebook have come under extreme scrutiny of late regarding potential misuse of customer data and violation of trust and privacy. While Apple has had a better track record compared to other tech giants, it too has come under scrutiny. A recent report claimed applications installed via the App Store send data to third-party tracking sites in the background without any intimation to the user.
Apple has always sold itself as the company that values privacy — perhaps the best example of this was seen during the FBI-Apple encryption dispute where-in Apple refused to compromise the privacy of its customers by creating a backdoor that could be dangerous in the wrong hands. Apple has made privacy a huge selling point for the iPhone. The company recently released commercials focusing on the same and even installed a huge Billboard outside CES 2019 show floor in Las Vegas with the words - “What happens on your iPhone, stays on your iPhone”.
Here is a brief rundown of all the features announced by Apple at WWDC 2019 with an aim to bolster privacy.
Sign in with Apple aims to crack down on data sharing during app logins
Sign in with Apple
Many popular applications allow users to easily log-in via their Google or Facebook account. This one-click profile creation comes at a cost — data sharing between the two parties. Apple's new ‘Sign in with Apple' feature aims to crack down on data sharing during app logins. The feature will work across all Apple devices — Macs, iPhones, iPads, Apple TVs, and Apple Watches. Even Android and Windows users can make use of this service via the Web.
What makes this feature extremely impressive is the randomised email generation feature. If an application requires an email ID, users are presented with an option to either part with their real email address, or use this new feature to generate a random iCloud email address.
The ace in the hole is the fact that emails sent to this account will be forwarded to your actual iCloud ID. Each application will get a unique random email address, which will allow users to stop emails from a specific app by simply retiring that particular address.
Limiting location data access
Apple will now allow users to grant applications one-time location access. “For the first time, you can share your location to an app just once and then require it to ask you again next time it wants it”, said Craig Fredereghi, Senior Vice President of software engineering at Apple, during the WWDC keynote.
Many applications try to skirt around location-sharing restrictions by using Bluetooth and Wi-Fi to triangulate the location. With iOS 13 and macOS Catalina, Apple is tightening down on that as well.
iOS will now also be more proactive about sending a notification when an app is accessing location data in the background. Furthermore, iOS 13 will also let users control whether they share the location when sharing photos on social media.
Applications can now be granted one-time location access
HomeKit Secure Video/ HomeKit-enabled routers
Privacy is a huge concern when it comes to smart devices like security cameras and smart doorbells. Not only have there been instances of devices possibly spying on users, but most of them upload the audio/ video data to the cloud for processing as well.
With Apple's new HomeKit Secure Video, videos are processed and analysed locally (on your iPad or iPhone), and are then encrypted before being uploaded to iCloud, where 10 days of footage can be stored at no additional charge. Apple maintains it will not be able to view any of the uploaded content. Netatmo, Logitech, and Eufy will be the first companies to launch products that utilise the HomeKit Secure Video API.
Apple also announced HomeKit-enabled routers which will firewall off any connected HomeKit accessories. If any accessory is compromised or exposed to an attack, other devices connected to the network won't be compromised. The first HomeKit-enabled routers will come from Linksys, Eero, and Spectrum later this year.
Other privacy features for the Mac
In macOS Catalina, applications will have to get permission from the user before accessing files in external volumes, iCloud Drive, and the Documents and Desktop folders. Furthermore, users will be asked for consent before an application can perform key logging or take a still or video recording of the screen.
Additionally, with macOS Catalina, all Macs with the Apple T2 security chip will get support for Apple's Activation Lock feature, which renders a device useless if stolen. Once the feature is activated, the only person who can erase and reactivate the computer is the user.
Apple has also enhanced Gatekeeper, the technology that ensures only trusted software runs on a Mac. Gatekeeper will now check for issues upon installation and periodically thereafter.