While a range of new security features have been shipped in iOS 10, several additions come with privacy trade-offs. Let’s take a look at the new steps you can take to lock down your device and protect your privacy.
One of the first changes you’ll notice after updating involves the lock screen. In addition to doing away with the familiar “Slide to Unlock” mechanism, Apple has introduced a revamped Today View.
Building upon the Notification Center widgets from previous iOS versions, the new Today View provides quick access to timely information. Sounds useful, right?
You may notice that authentication isn’t required to view these widgets. A fleeting moment of physical access (or shoulder surfing) could allow a malicious actor to glean sensitive info from your lock screen.
If you’re worried about information leakage, swipe to the right (from the home screen) and scroll down to the Edit option. Here, you can remove data sources as desired.
Reply with Message
Today View isn’t the only lock screen feature causing concern. You can now use the pressure-sensing 3D Touch to respond to messages (again, without authentication). To mark the occasion, a new toggle has been added in Touch ID & Passcode settings.
It’s an easy fix — scroll down to “allow access when locked” and disable Reply with Message. While you’re there, take a moment to review the other options available.
Limit Ad Tracking
Although “Limit Ad Tracking” has been included in iOS for several years, Apple has fleshed out the little-known Advertising area in Privacy settings. In iOS 10, switching this option on sets your device identifier to 0000000-0000-0000-0000-000000000000, preventing advertisers and rogue developers from building an activity history.
App permission requests
New requirements have also been applied to the app development lifecycle. Beginning in iOS 10, a majority of on-device APIs that require permission (e.g. access to Camera) require a specific use case defined in in the Info.plist file.
The application will crash if a permission request is issued without a valid key value pair. Each API (including the ones below) brings a custom message, such as “this app needs access to the camera to take photos.”
- Health Data
Apple software engineering chief Craig Federighi’s brief nod to “differential privacy” led to much discussion in the wake of this year’s WWDC keynote. In essence, differential privacy “aims to provide means to maximise the accuracy of queries from […] databases while minimising the chances of identifying [users].”
Federighi assured users that differential data has never obtained in iOS (or macOS) prior to this launch. Furthermore, collection of this enhanced information will remain an opt-in choice.
At the time of writing, differential privacy is applied to four different aspects of iOS 10: predictive text, emoji suggestions, Spotlight deep linking and “Lookup Hints.”
Ina Fried of Recode‘s reflections on what Apple is doing make for a strong conclusion:
“The company is clearly trying to stake a middle ground in which it can keep its reputation for privacy without entirely giving up on the kind of know-how that comes from a collective understanding of what users are doing.”
“While Apple is clearly pitching this as a just-right balance, it runs the risk of losing some of its privacy points while still not getting the kind of data it needs to truly rival Google and Facebook in the machine intelligence game.”
It will be interesting to see how Apple develops its AI offering in the months ahead.
Think I’ve missed an important feature? Interested in discussing the workings of differential privacy? Feel free to leave a comment down below.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.