WWDC 2023 Keynote Security and Privacy Highlights
Apple kicked off its annual Worldwide Developers Conference (WWDC) on Monday. As usual, the event opened with a keynote address introducing new Apple products, operating systems, and features. Here are the security and privacy highlights from WWDC23:
macOS 14 Sonoma
The next edition of macOS 14 will be called Sonoma. It’s slated for public beta next month and full release sometime in the fall.
Apple announced a number of new security and privacy features coming in Sonoma. Note that some of these are Safari features or are included in the next version of iOS (iOS 17) as well.
Private Browsing in Safari gets a major boost in macOS 14. The Apple browser will offer better protection against web trackers. It also strips out the parts of some URLs used to track people across websites. In addition, Private Browsing will lock windows when not in use, so you can step away from a device without worrying about your privacy.
Tracking URLs will also be removed from links shared in Mail and Messages. Per Apple, even though the URLs have the tracking portion cut, “the links will still work as expected.”
Passwords and Passkeys can be shared in a group if needed. It’s far safer than, for instance, emailing someone a password (please don’t do that) since everything is end-to-end encrypted via iCloud Keychain.
Communication Safety was introduced to warn kids if they’re about to send or receive explicit photos in Messages. The new version of Communication Safety now extends to videos, AirDrop files, FaceTime videos, and the Photos picker. It also extends beyond Apple apps, since a new API will help third-party developers integrate the feature into their apps. All processing for the feature occurs on device, addressing concerns raised by privacy advocates last year.
Sensitive Content Warnings can be turned on in Messages and third-party apps to blur out explicit photos or videos before a user decides to view them.
Apple Silicon processors come to Mac Pro, finally completing the Mac’s transition to Apple’s line of ARM-based processors. As we’ve discussed before, this has both performance and security benefits for Mac users.
Productivity seemed to be the main focus of Apple’s presentation of macOS Sonoma and the new Macs. We expect this to bode well for Macs in the workplace. But as we’ve noted in the past, the popularity of Macs in the enterprise may also result in a more dangerous macOS threat landscape.
iOS 17
The iPhone gets a new OS: iOS 17. Like macOS, the beta is expected in July, the public release this fall.
In addition to the Safari, Keychain, Mail, and Messages features discussed above, it’s also worth mentioning the mobile-focused security and privacy enhancements coming to iOS.
Lockdown Mode, a feature designed to protect high-risk people targeted by sophisticated attackers, has been strengthened in iOS 17. Apple specifies the improvements as “safer wireless connectivity defaults, media handling, media sharing defaults, sandboxing, and network security optimizations.” In addition, Lockdown Mode will now be available for Apple Watch.
Live Voicemail comes to the Phone app. Given the prevalence of scam calls, we’d consider this an important privacy and/or security feature. Live Voicemail lets you see a transcription of an unknown caller’s voicemail as they speak. This way, you can let everyone not in your Contacts go straight to voicemail—but still pick up if it seems like a legitimate call.
Check In is a new Messages feature that’s more about physical safety than digital security. If you’re going somewhere, you can use Check In to let friends and family know when you’ve arrived safely. If Check In notices that you aren’t moving toward your destination, it will send you a message. If you don’t answer, the feature will automatically share your location, battery level, and cell service information with your contact.
visionOS
As anticipated, the star of the show at WWDC23 was Apple’s new wearable device: Vision Pro. It’s an AR/VR headset that looks like a pair of futuristic goggles. If you haven’t seen the demo yet, check it out. It’s pretty cool.
We’re focusing here on the security and privacy aspects of Vision Pro—and, more specifically, of its underlying operating system: visionOS.
Here’s why that matters. AR/VR devices like Vision Pro work by tracking eye movement. They capture all sorts of behavioral and biometric data. As wearables, they also go where the user goes, meaning location data is involved. And they rely on third-party app developers to create the AR/VR experiences users are looking for—which gives a lot of random software engineers potential access to sensitive personal data. For years, security researchers have worried that these sorts of headsets could turn out to be a digital privacy nightmare.
The good news is that Apple seems to have baked digital privacy and security into visionOS. Here are a few of the most important Vision Pro security and privacy features:
Eye input data is processed on-device. If you’re using Vision Pro and you look at something in your field of view, visionOS “knows” what you’re looking at—but that information isn’t shared with Apple, apps, or websites. All that’s transmitted is your final selection when you use a hand gesture to “click” on the object you’ve selected with your gaze!
Camera and sensor data are processed at the system level. Vision Pro needs to process data about your surroundings in order to create a mixed-reality computing experience. But it does this entirely on-device. Data about your environment is not needed by apps—and is not available to them.
Optic ID is a new kind of biometric authentication used by Apple in visionOS. It uses the physical pattern of the iris—as unique to each person as a fingerprint—in order to identify users. visionOS uses Optic ID to authorize purchases and unlock passwords. But like Face ID or Touch ID data, Optic ID data is encrypted, stays on your device, and is stored in the Secure Enclave processor for maximum security.
More in store…
Those are the key takeaways from WWDC23. In the coming weeks and months, we’ll be talking more about macOS Sonoma, iOS 17, and Vision Pro—and what it all means for your security and privacy!
