WWDC: 18+ ways Apple plans to make you more secure

Vision Pro, Apple Silicon, Macs, new enterprise tools — and privacy protection were all among the many WWDC announcements Apple made this week.

Introducing these protections, Craig Federighi, Apple’s senior vice president for  software engineering said: “We are focused on keeping our users in the driver’s seat when it comes to their data by continuing to provide industry-leading privacy features and the best data security in the world.

Apple locks down Lockdown Mode

One key set of protections has been improved. While it has implications for anyone who might be a victim, Lockdown Mode is designed to protect high-value targets such as journalists, human rights campaigners, business people, or even politicians. Apple is enhancing this protection in several ways:

• A device will not connect to (highly insecure) 2G networks.
• Devices will not be able to auto-join insecure wireless networks.
• Media handling and sharing will be better protected and limited.
• Sandboxing and network security will be optimized.

In addition, Lockdown Mode now extends to the Apple Watch, closing another avenue for compromise.

Apple hasn’t shared more granular information yet, but given the security environment is febrile and even mid-ranking business executives need to protect themselves and their data, any improvement is welcome.

Travelers will use Check In

Another potential safety tool for frequent travelers, Check In lets you automatically let selected people and family members know when you reach your destination safely. The system is intelligent enough to note if you've been delayed on your journey and will check in with you. If you do not respond, it will share your location, battery level, cellular service status, and the last time you actively used your iPhone with selected contacts.

Passwords and passkeys

You can now share, add, and edit passwords across groups. Intended primarily for families, the idea is that everyone in the group can use the same accounts for some services, such as Instacart. The sharing takes place using iCloud Keychain and is end-to-end encrypted. This kind of sharing means IT can now deploy passcodes and passkeys automatically to managed devices.

Making Verification codes great again

If you use enterprise services, you may be pleased that one-time verification codes received in Mail will now automatically autofill in Safari.

Better protections for managed devices

Apple introduced a host of additional services and protections for managed devices. You can review most of them here, but three highlights for enterprise IT include:

• Added layers of protection and privacy in macOS for managed devices, including new ways to deploy apps and configuration files.
• New authorizations and messages to encourage users to register their devices with company MDM services.
• IT enforced software updates on specific deadlines with improved user transparency.

Introducing Link Tracking Protection

All Apple platforms will benefit from a new feature called Link Tracking Protection. This is automatically activated in Mail, Messages, and Safari in Private Browsing mode and aims to bolster privacy. It does so by automatically identifying and then removing any user-identifiable tracking data from link URLs. The idea is that tracking code is removed but the link remains viable.

Private Click Measurement

Some ads and analytics firms use link tracking to get data on user habits. However, not every use of such information is bad, which is why Apple is offering Private Click Measurement. This lets advertisers track ad campaign conversions, but not at the cost of user privacy.

Private Browsing now locks when you aren’t using it

If you use Safari’s private browsing mode,  Apple now makes it possible to lock any windows open in that mode with Face/Touch ID and your passcode. It means no one but you should be able to enter your Safari private browsing window, even when you step away from your device.

More control sharing photos with apps

The new Photos picker will let you select specific images you are happy to share with apps. The idea is that you share the images you’re comfortable sharing, but others are not made available. Apps will need specific and explained permission to access your entire library and the system will periodically remind you of those choices so you can review and revoke that permission.

You can get a drink

US businesses will be able to accept IDs in Apple Wallet. A young-looking person may want to purchase alcohol and the business may need to check their age. To do so, both parties hold their iPhones alongside each other, and the business will be able to see the ID info they require.

Making app developers privacy conscious

Apple now shares more information about the privacy/data practices of SDKs used in apps. Available as Privacy manifests, these summarize privacy practices of any third-party code running in the app. That info can then also be included within App Privacy Nutrition Labels on the App Store, giving customers greater insight.

Naming and shaming

Relevant to Privacy Manifests, Apple confirmed plans to publish a list of privacy eroding Software Development Kits (SDKs) at some point in 2023.

Additional App Store protections

Two critical App Store protections have been introduced. While these don’t have a direct impact on privacy, they may have indirect effects:

• Apps containing ads must now also provide in-app tools to report exposure to inappropriate or age inappropriate ads. This should reduce exposure to adult advertising and may help mitigate against “honeypot” models of malware distribution.
• Apps that impersonate other apps or services could be removed and might see developers banned. That’s good for companies, as it makes it harder to distribute fake company branded assets. But it also means that spoof apps containing malware, or links to it, may be removed.

Communication Safety tools extended

Apple’s (now improved) Communication Safety systems can identify video as well as still images that may contain nudity. A new API lets developers integrate Communication Safety in apps. The tools also now work with AirDrop, a FaceTime video message, and when using the Phone app to receive a Contact Poster and the Photos picker to choose content to send.

Now for grown-ups

These protections have also been extended to adults, who can enable a Sensitive Content Warning in Privacy & Security settings. They will then be protected against unwanted exposure to adult content. Apple insists that all image and video processing for the system takes place on the device.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.