iOS 16 Security and Privacy Features
iOS 16 has arrived! Here are the most important iOS 16 security and privacy features to know about in order to keep your iPhone (and you!) safe:
Faster iOS 16 security updates
iOS 16 introduces a security feature called Rapid Security Response. When enabled, it gives your device permission to install urgent security patches automatically — no interaction on your part required — in between standard OS updates.
iOS is a very secure platform in general, but as the past year’s iOS 0-days and Pegasus spyware issues demonstrate, a faster-than-normal security patch is sometimes needed. To turn on Rapid Security Response, go to Settings > General > Software Update > Automatic Updates and toggle on the option labeled Install System and Data Files.
Strong password editing in Safari
It’s a frustratingly common problem: You try to make a “strong, unique password” for a website — as you’ve been told to do a thousand times before. But the password generated by your password manager is rejected by the site because it doesn’t begin with a number, or because it contains special characters, or for some other seemingly arbitrary reason.
Pointless? Yep. Annoying? Definitely. But still a fact of digital life in 2022. For this reason, Apple has introduced strong password editing in Safari. It’s exactly what it sounds like: You use Safari to generate a strong password, then edit it as needed to meet site-specific requirements.
Here’s how it works. Beneath the Use Strong Password button that appears when you sign up for a new account in Safari, you’ll see the words Other Options…
Tap that and you’ll see options for Edit Strong Password and No Special Characters; these options let you — yes, you guessed it — edit a strong password or create a strong password that doesn’t contain any special characters.
Passkeys: a replacement for passwords
Passkeys are a new feature in iOS 16 that allows you to sign in to websites without any password at all. They were developed in collaboration with the FIDO Alliance and are intended to solve many of the problems that plague password-based sign-in methods: weak passwords, password sharing, poorly implemented 2FA, attacks on servers that store hashed passwords, and phishing.
From a user’s perspective, passkeys won’t be that much different from passwords. If anything, passkeys are going to feel easier.
To set a passkey up, first go to your account management or settings area for an app or website where you have an account. If the developer has introduced support for passkeys, you’ll see a “create passkey” option. Select this and then authenticate yourself with Face ID or Touch ID. The next time you visit the site or app, you’ll see a prompt asking if you want to sign in with your passkey. If you choose this option, you just authenticate with Face ID or Touch ID to complete the sign-in.
To learn more about what’s really going on under the hood, read How Do Apple’s Passkeys Work?
Mail in iOS 16 fights phishing with BIMI
Mail in iOS 16 will support BIMI: Brand Indicators for Message Identification. When a company is using the BIMI specification, their emails show up in your inbox with a verified brand logo next to their name.
This is important for security, because brand impersonation is a common tactic used in phishing attacks and other scams. BIMI is already supported by email platforms such as Google’s Gmail and Yahoo! Mail. Starting in iOS 16, BIMI will work in Apple’s Mail as well!
iOS 16 Safety Check for users in domestic violence situations
Apple is aware of the dangers of tech-enabled abuse, and is rolling out a new iOS 16 feature called Safety Check to help users facing intimate partner or domestic violence. The feature lets users quickly reset access granted to others and manage access to their device.
As 9to5Mac explains, Safety Check offers an Emergency Reset option that “will immediately reset access for all people and apps and help you review your account security.” There is also a Manage Sharing & Access option that lets you “customize which people and apps can access your information and let you review your account security.”
To find Safety Check in iOS 16, go to Settings > Privacy & Security > Safety Check.
View edit history in Messages
In iOS 16, users will be able to edit messages for up to 15 minutes after sending. That’s undoubtedly convenient, but it has raised concerns that the feature may let abusers send threatening or harassing messages and then alter the evidence after the fact.
Apple seems to have listened to the criticism, according to a report by MacRumors. In the public release version of iOS 16, you’ll be able to view the edit history of an edited message sent to your iPhone:
On an edited iMessage, you can tap on the small blue “Edited” label to see the edit history, and it can be hidden again by tapping on “Hide Edits.”
Pasteboard permission required
Way back in iOS 14, Apple introduced a banner notification feature that told you when an app was accessing the pasteboard (i.e., the systemwide iOS clipboard). The idea was to alert users to apps that might be trying to sneak a peek at what they had copied to the clipboard from another app.
iOS 16 takes pasteboard privacy protections a step further. Now, says Apple, apps will have to obtain a user’s explicit permission “before accessing the pasteboard to paste content from another app.” If you deny permission, that app won’t be able to use the pasteboard.
iOS 16 privacy enhancements for Photos
Last but not least, Apple has made a nice privacy tweak to one of its core apps: Photos.
Sometimes you hide or delete a photo on your iPhone because it’s a dud, or simply because it’s no longer needed. But sometimes you hide or delete a photo because it’s highly sensitive: something you don’t want anyone else to see…ever. That creates an uncomfortable situation if you need to let a friend hold your device to check out your vacation photos — you just have to hope and pray that they don’t accidentally click on that Recently Deleted album!
Apple seems to have realized the potential privacy issue here, and has added a new feature designed to address the problem. In iOS 16, your Hidden and Recently Deleted albums in Photos will be locked by default. To unlock them, you’ll need to use Face ID, Touch ID, or your iPhone’s passcode.
Looking ahead
Usually, the release of a new version of iOS is followed by a security update within the first couple of months as the inevitable bugs and vulnerabilities are discovered. So stay tuned for more information — or follow The Checklist podcast to receive weekly Apple security news and updates!
In October, the next version of macOS, macOS Ventura, is slated for release. We’ll have more details about the new Mac security and privacy features closer to the Ventura release date.
