After going in hard on privacy at its World Wide Developer's Conference in June, Apple has updated its privacy web page.
The site aims to easily explain how the new privacy features work, but also contains technical white papers that go into detail in regards to how Apple's hardware and software keeps user data safe.
This is the first time that Apple has released technical white papers on these topics and they cover Location Services, Sign In With Apple, Photos and Safari. You can check out the site here. And since it's been awhile since WWDC, here's a refresher on the biggest privacy features.
Sign in with Apple
The biggest new addition to Apple's security lineup is Sign In With Apple. It's the company's answer to social logins such as 'Login With Facebook'. While it's super convenient to not have to create a new account on every website and app that comes with a login feature, it's also quite problematic.
In addition to security concerns one click profile creations system entail, they are also often used to track and sell people's information. By comparison, Sign In With Apple is said to offer users the convenience without the issues. You can sign into apps and websites with your Apple ID, as well as with Face ID and Touch ID.
No tracking info or personal data will be attributed to your account. And if you really want to take it to the next level you can have a randomly generated faux email address attributed to each individual app and website. Any emails sent to these fake addresses will be forwarded to your real one. The emails can be changed or disabled at any time
While originally third party app developers were going to be forced to include Sign In With Apple as an option for logging into their apps, this is no longer the case.
The App Store review guidelines now state:
Your app exclusively uses your company’s own account setup and sign-in systems.
- Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
- Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
- Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.
App location permissions, controls and notifications
Apple will now allow you to know how and when your location data is being shared with third party apps. For example, you can now decide whether an app will have to ask to access every time you use it. This builds on the other permissions that allows access while the app is use, anytime or never. And if an app is using your location in the background your device will send a reminder so you can make a more up-to-date choice. Lastly, you can now decide whether you want your photos to have their location attached when shared.
Wi-Fi and Bluetooth location privacy enhance
Additional limits have been placed on what network data is shared with an app. You can also give the thumbs down to apps you don't want accessing your bluetooth devices.
The notes section of Contacts will no longer be shared with third party apps you've granted them access.
HomeKit Secure Video and routers
Activity captured on HomeKit Secure Video enabled cameras will be processed locally on device before being encrypted and sent to the iCloud. When a camera detect motion the video can be sent to a HomePod, iPad running as a Home Hub or an Apple TV. They'll also be able to tell if the movement is coming from a persona, animal or vehicle. Only you and anyone you share the app with with have access to the recordings. Launch partners include Logitech, Eufy Security (Anker) and Netatmo.
Home security is also being extended to HomeKit-enabled routers. They will enable firewalls so you can cut off individual devices from the rest of your network if you suspect they've been compromised, so long as they support HomeKit.
Find My is getting is now updated to include devices that are offline. It does this by sending an encrypted and anonymous bluetooth beacon to nearby Apple devices to find its location. The communication is end-to-end encrypted and Apple won't know the location or your device or the identity of the person's device that found it.
The noise app can detect the decibel levels around you and send a notification if it could be detrimental to your hearing.
“The watch can send a notification if the decibel level reaches 90 decibels, which can begin to impact hearing after four hours per week of exposure at this level, according to the World Health Organisation,” Apple said at WWDC.
It can be added as a complication and despite sampling audio, it does not record or save any of it.
This will allow anyone who gets a period to track and view their menstrual data from the Cycle Tracking app in WatchOS or on the iPhone's Health app. All of this information is encrypted on device, as well as on an iCloud backup if that's enabled. End-to-end encryption will only be available on iCloud for iOS 12 or later and if two-factor authentication is on. If not, only regular encryption will apple.
Users have the ability to log symptoms and can allow notifications for when a period is about to begin and when they're likely to be fertile. In addition to being available on the Apple Watch, it can also be used through the iPhone Health app.