A bevy of new features makes iOS 14 the most secure mobile OS ever

PUTTING ‘EM THROUGH THE PACES —

A bevy of new features makes iOS 14 the most secure mobile OS ever

Behold: The useful and not-so-useful privacy features you’ve been waiting for.

Multiple smartphones on table.
Enlarge / From left to right: iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max.
Samuel Axon

Eleven months ago, Apple CEO Tim Cook declared privacy a “fundamental human right.” The affirmation came as the iPhones his customers carry in their pockets store ever more sensitive information and the company seeks to make privacy a key differentiator as it competes with Google and other rivals.

On Wednesday, the company sought to make good on its commitment with the release of iOS 14. It introduces a bevy of privacy features designed to give iPhone users more control over their personal information. The protections are intended to rein in app developers, online providers, and advertisers who all too often push the limits of acceptable data collection, assuming they don’t fully step over the line.

I spent a little more than an hour testing some of the features. Here’s a brief description of each, how to use them, and some first-blush impressions of how some work.

Camera and mic access notifications iOS has long given users the ability to control what apps are allowed to access the camera and mic. Now, Apple is going a step further. With iOS 14, users actually get notice in realtime whenever an app does, in fact, capture audio or video from a phone. It also provides a list after the fact of apps that have recently accessed the mic or camera.

The notifications shown in realtime can be easy to miss, which is probably what Apple intended. The image below shows the home screen of an iPhone SE when a guitar tuner has the mic turned on.

The sole indicator is the orange dot just to the left of the battery indicator. (On other iPhone models, the dot appears above the signal strength meter). Privacy-minded users will have to train themselves to look for it. Everyone else can just get on with whatever task is at hand.

Unfortunately, the notification of apps that have recently accessed the mic isn’t as useful as I’d like. On my SE, the list was limited to a maximum of just one app, so even when I had recently opened two or more apps that made access, I’d only see the last one. Also problematic: the list appeared empty if I accessed the control center more than about 30 seconds after an app made access.

These after-the-fact notifications appear at the top of the Control Center. Below is what appeared about 20 seconds after I opened an authenticator app that accessed my camera and then opened the guitar tuner that accessed my mic:

These limitations greatly diminish the value of the control center notification because they require a user to access the control center early and often. That’s a time killer. The feature would be more useful if the list refreshed every two to six hours and showed all apps that accessed the mic or camera within that time.

More granular control of stored photos Before iOS 14, users had a binary choice: either allow an app to access the entirety of stored photos or forbid it. Now, users have a new option—allow an app to access one or more specific photos, while the rest remain off-limits. This worked as expected for me.

Control of apps that want to access local networks Some apps have good reason to access a local network. An example is an app that interacts with a smart TV and uses Bluetooth to sense when the phone is nearby. Here’s what iOS 14 showed the first time I opened an app from Samsung:

Plenty of times, however, apps have no legitimate reason for accessing local networks. iOS 14 lets users curtail the practice.

Finer-grained control of location access Once upon a time, iOS users could either grant or deny location access to an app, and that location was precise right down to the physical address. Now there’s a new option to give access to the proximate location. This is useful for a star-gazing app, for instance, which needs a general idea of where you are but doesn’t need an exact location.

Copy and paste notification iOS now provides a notification each time an app accesses the clipboard. This feature is useful because clipboards often store passwords, cryptocurrency wallet credentials, and other highly sensitive information. This feature is even more important now that iOS has access to the clipboards of nearby Macs connected to the same iCloud account.

Compromised password notifications iOS now has access to a database of passwords known to be compromised and warns users any time a password stored in the Keychain password manager is on the list. Apple says it does this in a secure and private way that doesn’t reveal the user’s password even to Apple. The company doesn’t say precisely how this is done. It’s likely similar to the clever cryptography behind Apple’s FindMy app, explained by Wired.

New disclosure requirements for app developers Effective with iOS 14, app developers now must disclose privacy practices to Apple. Details required include any collection of location, contacts, purchases, browsing history, personal finances, and unique identifiers.

Better privacy when using Wi-Fi It’s surprising that Apple is only now fully randomizing the MAC addresses Wi-Fi chips use to identify themselves to Wi-Fi access points. These fixed addresses can be useful in cases when a trusted network wants to control what devices are allowed to connect, or to at least identify those that are.

The problem is that just walking by two or more networks controlled by the same person or organization is enough for the operator to compile a list of what devices and then cross reference them. Connecting to them over time can divulge even more history. The result: access points can log some of your deepest secrets, including what time you left the bar last night, who left with you, and the route you took home.

Apple added MAC randomization in 2014 with the introduction of iOS 8, but researchers and users soon discovered it suffered a key limitation: it worked only when a device was broadcasting probes in order to find networks it had previously connected to. According to this post in Apple news site iMore, randomization didn’t happen when a device actually connected to one.

Apple has finally addressed this limitation. By default, iOS 14 will use a “private address,” by which Apple means a randomly generated MAC that’s unique to a given network. To disable the feature, turn off the Private Address button in the SSID settings.

Otherwise, leave it on:

The feature isn’t as powerful as I’d like it to be. In an ideal world, it would periodically change the MAC address, or allow me to manually change it, so that a single Wi-Fi network can’t track me over time. Based on my brief testing, the random address appears to be permanently tied to a given SSID, even when you tell iOS to forget the network and log in anew.

Website privacy report Safari now provides a privacy report that summarizes the trackers that users have encountered over the past 30 days. To access it, tap the two letter a’s on the left side of the address bar.

Selecting privacy report will generate a response like this one:

Anti-tracking delayed is anti-tracking denied One of the most anticipated privacy features was one requiring app developers to get a user’s consent before tracking their activities on third-party apps and websites. Alas, Apple delayed implementing the feature until at least next year after app developers, particularly those from Facebook-owned Instagram, bitterly complained.

For a company that says privacy is a fundamental human right, Apple’s postponement is a surprise. Fortunately, there are enough other privacy-preserving features to make iOS 14 a significant improvement over what was available previously. Use them and enjoy.

This post was updated on 9/18/2020, 10:45 AM to correct details in the section about MAC randomization.

You must to comment.

Channel Ars Technica


Read More