WWDC: Apple digs deep to secure its platforms
Apple's WWDC announcements included plenty for enterprise professionals. One area that deserves particular attention relates to the variety of privacy improvements the copany is making, because they offer significant benefits for the security conscious.
Putting you in control of your data
The main thrust of Apple's recent work on privacy is information. The argument is that everyone should know about data collection, what it means, and which apps collect what information - and have at least some understanding of how that data is used.
App Transparency Tracking, Privacy Nutrition Labels, and controls to limit what data apps can access will help enterprise and consumer users gain better insight into the data journey. Apple at WWDC enhanced this insight with a new App Privacy Report; it gathers information about each of the apps you use to show which ones follow the permissions you've okayed.
If an app has permission to use your microphone, you'll be able to see whether the app has actually done so, revoke that permission if you choose, and vet with whom that data may be shared by seeing all the third-party domains an app is contacting.
Apple also continues to do what it can to prevent systems and services (its own and those belonging to others) from gathering data in the first place.
More on this below, but IP address masking, VPN-like browsing built-i,n and a ban on invisible pixels for marketing and mail tracking will all have significant benefits for many - though some advertising and marketing companies will be forced to adopt new practises.
Insight is nothing without control
The idea here is that not only do you gain better insight into app permissions as you install them, you also gain better control and better insight of that app in use. This also makes it much easier to identify apps that may not be keeping promises made in Privacy Nutrition Labels.
Apple hasn't yet ramped up enforcement, but we know it's coming, given the company continues to warn developers who attempt to evade these protections that they can expect consequences.
Apple isn't going to stop focusing on privacy, promised Craig Federighi, Apple's senior vice president software engineering:
Apple's efforts are having an impact. Google recently confirmed plans to anonymize identifiable data on Android.
Stopping email spies, and IP address tracking
Even MailChimp uses invisible pixels in emails to see whether and when a person opens an email. Marketers love this information: it helps them gauge campaign effectiveness, though it has also been abused.
Mail Privacy Protection stops senders from collecting such information and masks the IP address. This kind of protection should help build another barrier to prevent targeted phishing attempts. (Apple has also improved Safari's Intelligent Tracking Prevention, which now hides a user's IP address from trackers, which prevents this being used to track activity online.)
The thinking is that this protection relies on technology Apple built in collaboration with CloudFlare. This feature also means ISPs will be unable to easily track which sites you visit.
When it comes to Safari, there are little security enhancements, too. Safari will now automatically connect to websites using HTTPS, even if they are loaded with HTTP. That small change may make a big difference, particularly around protecting users from accessing fraudulent websites.
Together, these many improvements should help blunt the impact of phishing on Apple's platforms, an essential upgrade for every remote enterprise.
With a little +, iCloud brings security protection
I think we have more to learn concerning iCloud+, which seems to consist of iCloud as we know it coupled with new features such as iCloud Private Relay (which works a little like an Apple VPN), Hide My Email, and expanded HomeKit Secure Video support.
The first two are of interest to both consumer and enterprise users. Private Relay encrypts all traffic leaving a user's device so no one can access and read it. Apple's own description is the clearest:
"The first assigns the user an anonymous IP address that maps to their region but not their actual location. The second decrypts the web address they want to visit and forwards them to their destination," the company said.
This should be mandatory when working remotely using public Wi-Fi.
Apple's Hide My Email may be of particular use to enterprise users who find they build quite an email correspondence of spam once they share contact details with others to access reports and other business resources. This tool lets you use a random email address for such things to keep your personal email private. You can create and delete as many addresses as you need at any time from within Safari, iCloud, and Mail.
One more thing: Apple didn't say much about it, but iCloud+ also lets you use a custom domain name, as mentioned on the iOS 15 preview page, where the company says:
I'm curious about whether this might be something that extends a little further than family and personal accounts. I'd quite like an iCloud+ for SMEs to take on Google, for example.
Finally, HomeKit Secure Video can now handle more cameras and keeps data encrypted in iCloud and analyzed at home - or to protect the Macs in your home office.
Hey Siri, I didn't know you were listening
Apple announced that the audio of Siri requests will in the future be processed on the device, rather than in the cloud. This should mean an end to unwanted audio recording (though I'll be looking at the user agreement for Siri once this new feature ships). It also means many requests can be processed without an internet connection and should make Siri much faster and more responsive. It is a testament to the power of the Neural Engine inside Apple Silicon.
BUT: I have since learned that Siri requests will not (yet, presumably) be processed on the device if made using a Mac, and you should know that.
These new improvements will debut on Apple's platforms with iOS 15, iPad OS 15, macOS Monterey, and watch OS 8. All will ship later this year.
Please follow me on Twitter, or join me in the AppleHolic's bar & grill and Apple Discussions groups on MeWe.