Checklist 282: Privacy, Security, and WWDC22
This week, we look at the biggest security and privacy announcements from Apple’s 2022 Worldwide Developers Conference (WWDC)!
Updates between updates
In iOS 16, Apple will give you the option of receiving additional security patches between regular software updates.
Apple is calling new feature Rapid Security Response. It’s enabled by default. To control it, go to Settings > General > Automatic Updates. You’ll see an option called “Install System and Data Files”. Toggle this on to use Rapid Security Response (or off if you’d prefer not to take advantage of the feature).
With iOS 16, Apple is giving users the option to use a third-party authentication app with the built-in Passwords feature in the Settings app.
This is great news if you’re using Passwords on iOS as your password manager. Now, you’ll can set a third-party 2FA tool like Authy as your default (rather than relying on SMS). And as the meme goes, anything that makes 2FA easier is “an absolute win”!
Hidden photos stay hidden
Another privacy improvement has to do with Photos. In previous versions of iOS, you could put sensitive images in a special Hidden album in Photos. But anyone with physical access to your device could just look at your supposedly “hidden” photos!
When iOS 16 comes out, it will lock the Hidden and Recently Deleted albums by default. You’ll need Face ID, Touch ID, or your device’s passcode to unlock them. This that strikes you as an obvious feature to have on a Hidden photos album, we agree! It makes one wonder why Apple took so long to implement it, but better late than never…
Apple goes FIDO
A few weeks ago on Checklist 278, we spoke with Megan Shamas of the FIDO Alliance about a future without passwords. At WWDC 2022, Apple made an announcement that brings that future one step closer: a tool the company is calling Passkeys.
As Engadget explains:
…Apple’s passkeys are designed to replace standard passwords by providing unique digital keys that are stashed locally on your device. Apple says that by not storing passkeys in the cloud, they are much less susceptible to being stolen in the case of a data breach or phishing attempt.
That’s the cryptographic explanation, anyway. But in terms of what it’s going to be like to actually use Passkeys, it’s actually fairly simple. Passkeys are synced across devices with iCloud Keychain — and can be unlocked on your iPhone using Touch ID or Face ID.
Finally, iOS 16 introduces a new feature aimed at helping folks in domestic or intimate partner violence situations.
Called Safety Check, it lets users quickly and easily revoke shared privileges in dangerous situations. As Apple explains:
…Safety Check can be helpful to users whose personal safety is at risk from domestic or intimate partner violence by quickly removing all access they’ve granted to others. It includes an emergency reset that helps users easily sign out of iCloud on all their other devices, reset privacy permissions, and limit messaging to just the device in their hand. It also helps users understand and manage which people and apps they’ve given access to.
The security industry has been warning about tech-enabled abuse for years — so it’s great to see Apple taking action on that front!