What the company should add next | #ios | #apple | #iossecurity | #education | #technology | #infosec


When it announced plans to detect images of child sexual abuse on iPhones, privacy experts called the technology “dangerous,” and one that could possibly be exploited by authoritarian governments. (Apple ultimately stopped talking about the feature without having released it.) And while the company took privacy into account with its AirTag trackers, critics still raised concerns about the tiny gadgets’ potential to enable stalking, leading Apple to tweak their functionality after release.

Those controversies aside, when it comes to protecting your data and securing your online privacy, it’s fair to say that no other tech giant goes further than Apple. Yet, that’s not to say the company can’t go even further. And with its annual Worldwide Developers Conference WWDC) just a month away, many are hoping the company will double down on privacy and security in 2022. Here are 10 ways it can do that.

Add end-to-end encryption for iCloud backups

Ask any privacy expert, and you’ll likely hear, Apple’s biggest privacy flaw is that iCloud backups are not end-to-end encrypted. Instead, they’re merely “encrypted.” 

The distinction is important.

When your data are end-to-end encrypted, only you can access it, because only you hold the decryption keys. When data are simply encrypted, both the user and the entity that possesses the data—Apple in this case—hold the decryption keys and can access the data at any time.

Currently, iCloud backups are only encrypted, so anything they contain can be accessed by Apple. While iCloud backups include non-personally identifying information, such as device settings, in some instances they also include your photos and messages. And though there’s no reason to think Apple is snooping around, from a technical standpoint, it could peek into your messages and photos—or turn the decrypted backups with that data over to governments when compelled to with a valid legal order. 

The citizens of democratic nations, such as the U.S., have powerful legal protections against unwarranted searches, which means the government needs a very good reason (and a court order) to access someone’s data. But less democratic nations usually don’t offer such legal protections, which leave their citizens with iCloud backups potentially vulnerable.

One argument Apple uses for not end-to-end encrypting iCloud backups is so the company can recover data when users forget their password. It’s a valid point. However, an easy compromise between privacy, security, and convenience would be to allow users to choose if they want their iCloud backups end-to-end encrypted, and are willing to assume the risks that come with that.

End-to-end encrypt more iCloud data

If you’re an iCloud user, some of your data are potentially stored in two different ways on Apple’s servers: as part of your iPhone’s iCloud backup, and separately in iCloud itself. The lack of end-to-end encryption of your data for the latter type of storage is even more egregious than for iCloud backups. This is because iCloud itself usually stores much more sensitive personal data than what’s in your iCloud backup.

While some iCloud data are end-to-end encrypted, much of it is not. Data that lack end-to-end encryption include your calendars, contacts, files in iCloud Drive, notes, photos, reminders, Safari bookmarks, Siri Shortcuts, voice memos, Wallet passes, and iCloud emails.

That is a shocking amount of personal data that Apple could theoretically access, since it has the decryption keys, too. Again, the company’s reasonable argument is that if this data were end-to-end encrypted, it couldn’t help users restore it if they forgot their password. Still, a compromise solution would be to allow the user to choose to have the data end-to-end encrypted and assume the risks that come with it.

Offer an end-to-end encrypted iCloud partition

iCloud Drive is Apple’s cloud storage solution—its answer to the likes of Dropbox. iCloud Drive allows you to store your data in Apple’s cloud. But again, the data are merely encrypted. If Apple doesn’t want to end-to-end encrypt all of iCloud Drive, it could still choose to offer users the best of both worlds.

iCloud Drive could contain a special partition, viewable as a folder, that is end-to-end encrypted by default. Any documents you drop there would automatically be end-to-end encrypted, too, while documents in other parts of your iCloud Drive would remain merely encrypted.

Offer a secure hidden photos folder

Many people have photos they would like to keep hidden from others. These may be intimate images meant for their partner, or photos of an odd bump they’ve found that they want to share with their doctor. The last thing anyone wants is for these images to be visible when scrolling through an iPhone’s camera roll with a friend.

iOS currently has a built-in hidden folder option that removes the images placed into it from the camera roll. However, this hidden folder is laughably easy to access because it’s not locked behind a password—it’s simply a setting you can toggle off in the Settings app. That means that anyone who has access to your phone can easily access the hidden folder and see the images inside.

It’s baffling why Apple has not implemented the ability to lock this hidden folder behind a password, Face ID, or Touch ID. The fix is simple.

Provide Face ID security for any app

Another longtime request from users is the ability to lock any app behind Face ID or Touch ID. Right now, developers can choose to add Face ID or Touch ID authentication to their apps, so you can’t access them without first authenticating yourself.

However, Apple should move this authentication option for apps to the system level and simply let users choose to lock any app behind Face ID or Touch ID–no need for developers to implement it. This would be especially useful for apps that contain personal communications, such as email apps, and ones that hold photos and financial information, like Apple’s own Photos and Wallet apps.

In a similar vein, Apple should also implement the ability to lock files and folders on a Mac behind a password or Touch ID–which most Macs now support.

Expand (and fix) iCloud Private Relay

Private Relay is an awesome privacy feature introduced last year for iCloud Plus subscribers. It’s a cross between Tor and a VPN, and it keeps websites viewed in Safari from knowing your IP and exact location.

Unfortunately, Private Relay only works when you use the Safari browser. Apple should expand Private Relay so it also blocks apps from knowing your IP and exact location. This would give users much greater privacy protections, as many people access sites—Facebook and Reddit, for example—through their dedicated apps instead of through a browser.

Though Private Relay works great on an iPhone, it simply fails to work for many Mac users. If you have a VPN installed—or even certain Safari extensions—they’ll conflict with your ability to use Private Relay on a Mac, resulting in the frustrating error, “Some of your system settings prevent Private Relay from working: Your system has extensions or settings installed that are incompatible with Private Relay.” You are then instructed to click here for further information—yet the help article provides no information on what exactly is causing Private Relay to fail on your Mac, so you are left with the inability to use it.

Fix Mail Privacy Protection

Mail Privacy Protection is another killer privacy feature Apple has introduced recently. It loads remote email content privately in the background, preventing the sender from knowing your IP address and your location. It’s a terrific way to prevent tracking pixels from snooping on the contents of iCloud email users.

But as with iCloud Private Relay, while Mail Privacy Protection works great on the iPhone, the same can’t be said for the Mac. It seems as if most VPN software will stop Mail Privacy Protection from working–even if the VPN client isn’t active. In these instances, you’ll get the annoying error, “Unable to load remote content privately,” and be instructed to click a button to load the email content. Mac forums are rife with complaints about this drawback on the Mac. Mail Privacy Protection is a great feature; it’s just a shame it doesn’t work for many macOS users.

Auto-strip shared photo date and location data

When you take a photo with your iPhone, it embeds location, time, and date metadata into the file. That’s why you’re able to view your photos chronologically and by location on a map—very cool features.

However, by default, this metadata will remain in the photo when you text or email it to someone (CNET has an explainer for how you can manually strip it here). Apple should add a system setting that allows users to choose to have date and location metadata automatically stripped from photos as they get texted or emailed to someone. This would give you more privacy and security without having to remember to manually strip the metadata each time.

This feature would be a great way to protect your location privacy when sending photos to strangers (say, of an item in your garage that you are selling to a stranger on Craigslist). Metadata stripping is already common when posting photos to social media networks, and Apple should make it something you don’t need to think about when sharing images.

Give Safari an HTTPS-only Mode

Safari is one of the best browsers when it comes to privacy, but, bafflingly, it doesn’t have an HTTPS-only mode.

HTTPS is a protocol that encrypts web traffic. If a site offers HTTPS, your data and actions on the site are encrypted from prying eyes. This is opposed to a site using the older HTTP protocol, which could allow prying eyes to see what you are doing. Most sites offer HTTPS nowadays, however, some still do not.

Browsers such as Firefox, offer a setting called HTTPS-only, which will block any non-HTTPS websites from loading (you can then choose to load the HTTP version after being made aware of the lack of HTTPS). Bafflingly, Safari doesn’t offer such a security setting. Instead, Safari will only force a website to load the HTTPS version—if it’s available. If it’s not, Safari will load the HTTP version automatically.

If Safari wants to remain the privacy king of browsers, an HTTPS-only mode is a must.

Integrate App Privacy Labels in Settings

In 2020, Apple introduced App Privacy Labels. They’re viewable in an app’s App Store listing and help you see what the app does with your data. However, if the data policies of an app change in the future, users who have already downloaded the app aren’t always notified by the developer.

To ensure that you are always up-to-date on any app’s Privacy Label changes after you’ve already downloaded the app, Apple should make the current Privacy Label for the app easily accessible from the Settings app in iOS. Users could even be notified when an installed app’s Privacy Label changes. Think of this feature as an always up-to-date privacy scorecard for each app, readily available from a single location.

Apple is almost certain to dedicate some of its upcoming WWDC keynote to new privacy-preserving features. How many of my suggestions will make the cut? Some are more likely (enhanced iCloud Private Relay, photo metadata stripping) than others (iCloud end-to-end encryption). It’s also likely that iOS, iPadOS, and MacOS will add privacy features other than those above. We’ll have to wait until the keynote on June 6 before we know for sure.


Source link