SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy-to-follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 189: WWDC20 and the Mac

Posted on June 24, 2020

On this week’s Checklist, we cover the biggest Mac news to come out of Apple’s 2020 Worldwide Developer Conference, including

Big changes ahead for macOS 

One of the biggest announcements at this year’s WWDC was the development of an all-new macOS — macOS 11 Big Sur. Apple says that the upcoming Mac operating system represents the “biggest design upgrade since the introduction of Mac OS X”, and that equally significant improvements have been made to the Safari web browser, with new privacy features and page load speeds that match or exceed those of Google Chrome (up to 50% faster on frequently visited sites).

There’s a lot to unpack here, but we’ll start with Safari. While it’s not yet clear how Apple has achieved Safari’s impressive new speeds, we do know something about the browser’s privacy enhancements. The Privacy Report feature will allow users to see how their data is being tracked — and shared — by the websites they visit. In the past, this kind of deep visibility into how sites were using your data was only available by examining a web page’s source code, or, more recently, by carefully reviewing what cookies were stored on your computer. In the new Safari, this kind of intel will be available directly in your browser, and will be presented in an easy-to-find and easy-to-understand format. 

The likely result will be an increased awareness among Mac users of just how much data is being collected by websites and shared with third-party advertising companies. The functionality provided by Privacy Report is something that the development and security community has been requesting for years, and the tool appears robust enough that it may even make existing reporting apps less relevant. 

In addition to Privacy Report, Safari will also give users more control over the data they share with browser extensions. This is significant, because browser extensions often request extensive (some would even say excessive) permissions and access. Going forward, Safari users will be able to restrict or limit what information they share with an extension, what specific sites the extension can run on, or even how long the extension can remain active. In short, Safari now offers a kind of user-controlled sandboxing for extensions. 

This is a timely move in view of the fact that Apple has decided to allow developers to port extensions from other browsers to Safari, which should result in a flood of new Safari browser extensions. By also giving users fine-grained control over what data they share with these extensions, Apple will be able to offer more choice and variety to Safari users, while at the same time keeping them safe.

Moving on from Safari, the App Store also received a major privacy enhancement: users will now be able to view a summary of an app’s privacy practices before they decide to download it. Apple compares the new feature to the nutrition labels on the packaging of food products — a fact-based look at “what’s inside” that empowers consumers to make their own decisions. In many ways, this brings the Mac App Store closer in line with the privacy protections already in place on iOS, where users receive frequent notifications about their apps’ data collection and permissions requests. 

All in all, it looks as though macOS and Safari will be more privacy-focused than ever — good news for everyone who loves using a Mac!

ARM chips for Mac

Another huge announcement at WWDC 2020 was that Apple will soon move away from the Intel x86 processors currently used in Macs, and will instead begin making their own processors. The new chips (introduced as “Apple Silicon” during the keynote event) will be based on the same ARM processor architecture already used in the “A” series chips that power iPhones and iPads. 

It’s clearly a major change, and many people are wondering what it will mean for Mac — especially in terms of security. It’s difficult to say if Apple’s ARM-based processors will be “safer” than the Intel chips that preceded them (especially until folks in the security research community actually get their hands on some of that new hardware), but given Apple’s intense focus on user security, it’s hard to imagine that they’d do anything to make the Mac less secure. One thing that bodes well for the new ARM processors is that Apple has gotten very, very good at producing best-in-class chips for mobile devices: Clearly, the company already employs top talent that knows how to design secure, high performance hardware.

In terms of whether or not the move to ARM processors will affect the threats facing macOS users, we suspect that the new hardware in and of itself won’t do much to deter Mac malware authors. Mac users should plan on running reliable, regularly updated anti-malware tools on their systems for the foreseeable future. 

The biggest security challenge that the shift to ARM chips will bring is still far in the future. Apple plans to support Intel Macs with new operating systems and regular security updates for years (in fact, some Intel-based machines aimed at enterprise users are still in the product pipeline and haven’t even been released yet). But when Apple does eventually discontinue support for Macs with Intel processors, there will inevitably be some people still using them, from reluctant Intel holdouts to people who rely on software that just doesn’t run on the new Mac hardware. Unfortunately, these folks may be left unprotected if they’re unwilling or unable to upgrade to an ARM machine. This, however, shouldn’t be an issue for many years to come.

As far as what the shift to Apple Silicon will mean for performance, the company seems convinced that they will be able to significantly improve the Mac’s speed and efficiency. Time will tell, but there is reason to suspect that this could be the case. For one thing, many people feel that Intel has been lagging a bit in recent years, losing some of their competitive edge while remaining relatively expensive. Apple, on the other hand, has now built an impressive track record of engineering ARM-based chips for mobile devices. In short, their optimism may be well-founded. If nothing else, the shift to in-house ARM processors will have the effect of unifying Apple’s processor architecture across its platforms, perhaps paving the way for new products such as the rumored Apple VR/AR headset.

A new way to log in

There was a lot of information delivered at the WWDC 2020 keynote event, and overall, we were pleased with the security and privacy content that we saw. Apple is clearly as committed to user privacy as ever, thus continuing to distinguish their brand from other tech giants. The move to make information on website tracking and data sharing a major part of the new Safari is almost in direct contrast to Google, whose revenue model depends in large part on such activities.

Later in the week, even more good news for users surfaced, this time in regard to website logins. Apple had already made advances in this area when they unveiled Sign in with Apple at last year’s WWDC, but now they appear ready to move logins into the future yet again: Starting soon, Safari users will be able to log in to supported websites with Face ID or Touch ID. The new feature will be rolled out in iOS 14, iPadOS 14, and macOS Big Sur.

Biometric website logins are a big deal for security (not to mention convenience), because they replace the traditional password-based authentication model which, frankly, is no longer adequate in today’s world.

Our only concern is whether or not websites will still support some type of traditional credentials as a backup to biometric logins — both as a way to support account recovery and also to help families with digital legacy issues in the event of a family member’s death. On the whole, though, this is a welcome development. While tools like password managers and two-factor authentication can make traditional password-based logins far safer, the future of logins definitely lies in the same powerful biometric tools that make your iPhone so secure.

That brings us to the end of this week’s Checklist, but we’ll return soon with a new episode. In the meantime, be sure to check out our archives, where you can find all of our past shows along with full written notes. And as always, if you have a security or privacy question that you’d like to see answered on a future edition of the Checklist, please feel free to write to us!
