SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 199: iOS 14 Privacy Features with Nick Leon

Posted on September 17, 2020

iOS 14 is here — and it’s going to bring a number of important user privacy enhancements. On this Checklist, we’ll run through the most significant of these, covering:

  • The “in your face” changes
  • The behind-the-scenes changes 
  • The changes where you get to choose

Transparency and Consent

In iOS 14, app activity is going to be more transparent than ever, and you’ll also have more direct control over your relationships with developers. Here are five privacy upgrades to the iOS 14 experience that you’re likely to notice.

  1. 1

    Clipboard access notifications

    In iOS 14, you’ll see a small banner notification any time an app pastes from the system clipboard. You may remember that over the summer, Tik Tok and other apps made headlines (not the good kind) when iOS 14 beta testers noticed that their clipboards were being accessed almost constantly by these apps. From now on, if an app seems to be checking your clipboard excessively, or when it doesn’t seem to have any legit reason to do so, you’ll know about it — and you will be able to take any action you deem appropriate, up to and including taking the offending app off of your device!

  2. 2

    Recording indicators for mic and camera

    File this under “I can’t believe this wasn’t already a thing”: In iOS 14 you’ll see recording indicators when an app is using your mic or camera. If an app is using either one of these, you’ll see a little colored dot up in the status bar (green for camera, orange for mic) letting you know that something is recording. While this feature probably won’t directly change the way you use your device, it’s nice to know that there’s no way for apps to surreptitiously record you in the background!

  3. 3

    App Store privacy information

    Starting soon, all developers will be required to self-report their app’s privacy practices, including the types of data collection they’re doing and if they’re sharing that data with third parties. This data will then be displayed on the app’s App Store page — something that Apple has compared to the nutrition labels that you find on food packaging. This should give users a better sense of what they’re putting onto their devices (and if they’re downloading the app privacy equivalent of junk food!). This feature isn’t available yet, but Apple says it will roll out sometime before the end of the year.

  4. 4

    Upgrade to Sign in with Apple

    Sign in with Apple is Apple’s own secure sign-in service. It lets you create a new account for an app or a website using only your Apple ID — and without having to share additional information with developers or other third parties. Ever since its introduction at last year’s WWDC, it has been seen as a real win for user privacy — and now, Apple is giving developers the back end code they need to offer an upgrade to Sign in with Apple for users who have already created an account using another sign-in method. In other words, existing users will no longer have to create a whole new account if they want to switch to Sign in with Apple. Sign in with Apple is mandatory for developers who offer other third-party sign-in services like Sign in with Facebook, though it doesn’t look like developers will be forced to offer this new one-click upgrade to users. Still, it’s nice to know that privacy-conscious devs will have the tools to offer safer sign-ins to their longtime users.

  5. 5

    App Clips

    An App Clip is a snippet of a full app that a developer can offer to people who may need some of their app’s functionality, but who don’t want to install the entire app on their device. App Clips can be used to do things like make restaurant reservations, rent a piece of equipment, make a quick payment, and more. They load onto your device in seconds, and later disappear if you don’t use them again. This is definitely a privacy enhancement, because now you can get the benefits of an app without actually giving too much access and data to developers, or having their app on your device long-term. It should be a great feature for people who travel a lot, or who frequently try out new services and venues that offer their own apps, and so are constantly being asked to install unfamiliar apps. With App Clips, it’s now possible to get the functionality you need without actually having to install an unknown developer’s app on your device.

Taking a closer look at iOS 14

There are three new iOS 14 privacy features that are subtle enough that you may not even notice them at first (at least, not if you don’t know where to look).

  1. 1

    Private Wi-Fi addresses

    When your device joins a Wi-Fi network, it uses something called a MAC address to identify itself to the network. So how is that a privacy issue? Because if your device is using the same MAC address to join every Wi-Fi network, network administrators or third parties who are monitoring the Wi-Fi networks may be able to use that identifier to track your activity, or even your location.

    In iOS 14, you’ll automatically get a unique, private address for each Wi-Fi network that your device joins, making it much harder for network observers to figure out that all of those different MAC addresses belong to the same device (and thus harder to use those addresses to track you).

    For the most part, you won’t have to do anything to get the benefits of this feature, but you should know where the controls are, because in some cases using a private address may cause network compatibility issues that require you to disable the private address feature for just that one network. To see the controls, go to Settings > Wi-Fi to see a list of your Wi-Fi networks. Next to each network you’ll see an information button; tap this to take a closer look at a network — and to see the Private Address toggle switch that will let you enable or disable this functionality for just that one network.

  2. 2

    Website Privacy Report

    In Safari 14, Privacy Report will help you see what Safari’s Intelligent Tracking Prevention tool has done to protect your privacy. In the address bar, tap the “AA” icon to see the Privacy Report option, and then tap Privacy Report to view a 30-day rolling report that contains information on what sites are using trackers, how many trackers are being used on each site, and which trackers are the most common across all sites. Bear in mind that Privacy Report shows you information about trackers that Safari has already blocked, so you don’t really need to take any additional action, but it’s a good way to get more insight into how websites are tracking you.

  3. 3

    Safari password monitoring

    If you store passwords using Keychain, Safari will periodically check them against a database of known breaches to see if any of your passwords have been compromised. Don’t worry, Apple’s not actually reading or transmitting your passwords: They’re using cryptography to create derivations of your passwords that they can check against derivations of passwords that have shown up in data breaches. This allows them to notify you if your password has been involved in a breach, but without needing to know your actual password. To see if Safari has spotted an issue, go to Settings > Passwords > Security Recommendations. If you see a warning icon next to any of your accounts, click on it for more information — and then follow Safari’s recommendations in order to keep yourself safe!

Putting the user back in user privacy

In addition to the direct privacy enhancements that Apple has made in iOS 14, there are also changes that empower the individual user to make their own decisions about what content they share.

  1. 1

    App tracking controls

    As listeners of the Checklist are no doubt aware, our apps track us in a variety of ways, but in iOS 14, you’ll soon be able to opt out of this kind of tracking — for good.

    Starting in early 2021, apps will be required to ask permission to track you, which will take the form of a pop-up that you can use to opt out of tracking. If you want to issue a blanket “no tracking” request to all apps, you’ll have a way to do this as well: go to Settings > Privacy > Tracking > Allow Apps to Request to Track, and toggle the switch to Off.

    Originally, Apple had planned to release this feature with iOS 14, but they are delaying the roll-out in order to give developers and advertising companies more time to prepare for the change (and to rethink their business strategies). So for the time being, apps can choose to offer their users a tracking opt-out, but it’s not mandatory — which means that if an app hasn’t asked you for permission to track, it may still be tracking you (you’d need to consult the individual app’s privacy policies for more clarity). However, the change is definitely coming, and sometime early next year, all apps will have to ask you for your consent if they want to track you.

  2. 2

    Approximate location

    In iOS 14, you’ll be able to fine-tune your location sharing with an app. As in iOS 13, you’ll still be able to stop apps from accessing your location altogether, but now you’ll also be able to share your general whereabouts with an app. This is useful for apps that probably do need a “fuzzy” sense of where in the world you are (think weather and local news apps), but that don’t really need the kind of exact location that, say, delivery or ride-hailing apps rely on. When an app first asks for location tracking permissions, the pop-up will contain a toggle switch that says Precise Location. Toggle this to On if you want to share your exact location with the app, or to Off if you just want to give the app your approximate location. You can see what you’ve shared with apps (and make adjustments if need be) at Settings > Privacy > Location Services.

  3. 3

    Limited Photos library access

    In iOS 14, you’ll also have more granular control over how you share photos with apps. When an app wants to access your Photos, you can now say yes, no, or use the select photos option to give the app access permissions to specific photos or folders only. This is useful for cases when you do want an app to have access to a single photo or album, but you don’t necessarily want to see all of your personal photos stored on the app’s servers! If you need to review or edit what photos you’ve shared with an app, go to Settings > Privacy > Photos.

  4. 4

    Network access

    iOS apps sometimes need the ability to see what other devices are on your local network, especially if they’re going to be used to control or upload data from those devices (as in the case of speakers or some digital cameras). But there may be other apps that don’t have any business looking at what’s on your network — especially since this information could be used to profile you. In iOS 14, apps will have to request permission before they can view your local network. To enable or disable local network access for an app, go to Settings > Privacy > Local Network. Here you’ll see a list of installed apps, along with toggle switches that control which ones can see your local network, and which can’t.

This brings us to the end of this week’s Checklist, but we’ll be back soon with another new episode.

Join our mailing list for the latest security news and deals