Privacy has increasingly become a competitive advantage for Apple. The bulk of the company’s revenue comes from hardware sales, in stark contrast to competitors like Google who depend heavily on ad revenue and thus benefit tremendously from collecting user data. Apple calls privacy one of its core values, and the structure of its business makes it easier to hold true to that value. But that doesn’t mean its privacy work is easy or without cost – behind the huge number of privacy enhancements this year was surely significant effort and resources that could have been diverted elsewhere. The company’s privacy discourse isn’t empty marketing speak; it’s product-shaping. Not only that, but thanks to Apple’s enormous influence in tech, it can be industry-shaping too, forcing companies that otherwise may not prioritize user privacy to do business differently.
This year in its WWDC keynote, Apple dedicated an entire section of the presentation to privacy, detailing its latest efforts within the framework of what it calls its four privacy pillars:
- On-device processing
- Data minimization
- Security protections
- Transparency and control
Evidence of each of these pillars can be seen throughout much of what Apple announced during the rest of the keynote. On-device processing, for example, powers the new Translate app in iOS 14, HomeKit Secure Video’s face recognition feature, and more. New security protections have been implemented to warn you if a Keychain password’s been compromised, and to enable Sign In with Apple for existing in-app accounts, both of which make your accounts more secure. But the majority of this year’s most prominent privacy updates fell under the remaining two core pillars: data minimization and transparency and control.
Here are the privacy-focused changes you’ll see this fall across iOS and iPadOS 14 and macOS Big Sur.
Data Minimization: Photos, Contacts, Location
Similar to its years-long stance that better privacy doesn’t have to come at the cost of better functionality, one of Apple’s principles behind data minimization is that limited access doesn’t mean limited functionality. Apps should be empowered to use the data they need to fulfill a task, but the ceiling on that data should be as low as is truly necessary.
Photos, contacts, and location are three main frameworks applying this principle in the upcoming OS versions. With the former two, Apple is providing new options for third-party apps to have more refined and limited access to the databases stored in your Photos and Contacts apps. With location, there’s a new toggle to grant an app access to either precise or approximate location data.
Historically, if an app needed to read something from your Photos or Contacts databases, granting access was an all or nothing affair. The app could either read all of your data from each of these core first-party apps, or none of it. That’s changing this year.
Now, whenever an app needs access to your photos, you will see one of two things: a secure image picker that requires no permission prompt, or a prompt containing a new option. The former approach is what most apps should take, as it offers a better user experience, but it requires developers to adopt the PHPicker API. PHPicker negates the need for a permission prompt by default because it lets an app access only the photos you explicitly select, on a per-event basis. It works the way most users would hope and expect: if you’re sharing a photo to Twitter, for example, you get a system image picker and Twitter is able to read only the image you actually select, minimizing the data shared with the app. Once apps update to support PHPicker, you should start seeing far fewer prompts to grant access to your Photos library, making your images more private than ever before.
Apps can still surface a prompt if they’d like, but it shouldn’t be necessary for the vast majority of apps. When needed, however, the updated permissions prompt provides the option of granting an app access to only select photos, or to your entire Photos library. The main scenario when the latter might be appropriate is for backup services such as Google Photos or Dropbox.
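The PHPicker flow described above, as an added example that is not code from Apple or from the original article: the app never requests Photos library authorization and receives only the item the user picks. The class name `AttachPhotoViewController` and its image view are assumptions made for illustration.

```swift
import UIKit
import PhotosUI

// Hypothetical screen that lets the user attach one photo to a post.
final class AttachPhotoViewController: UIViewController, PHPickerViewControllerDelegate {
    // Hypothetical preview of the photo the user chose.
    private let previewImageView = UIImageView()

    override func viewDidLoad() {
        super.viewDidLoad()
        previewImageView.frame = view.bounds
        previewImageView.contentMode = .scaleAspectFit
        view.addSubview(previewImageView)
    }

    // Present the system picker. It runs outside the app's process, so no
    // Photos permission prompt is needed and the library itself stays unreadable.
    func presentPicker() {
        var configuration = PHPickerConfiguration()
        configuration.filter = .images      // images only, no videos
        configuration.selectionLimit = 1    // one photo per pick
        let picker = PHPickerViewController(configuration: configuration)
        picker.delegate = self
        present(picker, animated: true)
    }

    // Called with only the items the user selected; an empty array means cancel.
    func picker(_ picker: PHPickerViewController, didFinishPicking results: [PHPickerResult]) {
        picker.dismiss(animated: true)
        guard let provider = results.first?.itemProvider,
              provider.canLoadObject(ofClass: UIImage.self) else { return }
        provider.loadObject(ofClass: UIImage.self) { [weak self] object, _ in
            guard let image = object as? UIImage else { return }
            // The completion handler is not guaranteed to run on the main queue.
            DispatchQueue.main.async { self?.previewImageView.image = image }
        }
    }
}
```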
Contacts is utilizing a similar idea this year, but with a very different approach. Rather than presenting a contact picker where only the selected contacts will be shared, Apple is utilizing the QuickType keyboard’s AutoFill row to suggest contact details to share when you need them. When you type something like ‘Mark’s number is’ you’ll then see a suggestion in the AutoFill row to add Mark’s phone number with one tap. The same works for details like emails and addresses.
Location changes are simple: rather than granting an app access to your precise location, you can share only an approximate location instead. On the location security prompt, there’s a new button in the top-left corner of the map preview that says Precise: On or Off. Toggling this setting will show on the map how much or little precision the app will receive in each scenario, and you can then choose from the standard options of Allow Once, Allow While Using App, or Don’t Allow. These selections can all be modified later in the Settings app as well.
While many types of apps will still need precise data to offer the best functionality, such as navigation or weather apps, some apps should be just as useful with only approximate location access.
Transparency and Control: Safari, App Store, Network Controls, and More
The core idea behind Apple’s pillar of transparency and control is that apps should be clear and up front about how data will be used and put users in control of their data.
In updates to Safari, both of these dynamics are at play:
- Transparency: Safari’s new Privacy Report, which is available across all platforms, makes visible the fruits of the app’s Intelligent Tracking Prevention feature that has been around for years. It shows you which known trackers have been blocked on which sites in the last 30 days – a frequently eye-opening insight. On the Mac the Privacy Report has a dedicated button in the toolbar and it can even be added to your start page, while on iPhone and iPad you’ll find it inside the address bar’s aA menu.
- Control: Web extensions on the Mac are an area where Safari’s offerings pale in comparison to Chrome’s, but Apple’s hoping that can start to change this year by making it easier for a Chrome extension to be offered for Safari too. New developer tools will hopefully bring positive change in this area. Simultaneously, the company has built new controls for users to manage the access level given to each extension. Rather than enabling extensions to track all your web activity by default, Safari will provide restriction options so a user can grant permissions to an extension for a single day, or only for a single website, or the more extensive ‘Always Allow on Every Website’ permission.
The App Store this year is similarly emphasizing transparency and control in new ways:
- Transparency: Developers are now required by Apple to complete a questionnaire explaining how their apps use customer data, and which third-party SDKs they employ. That information will be made visible on an app’s App Store product page under the heading of a new App Privacy section, enabling users to better understand up front how secure their data will be.
- Control: In what could become a big problem for advertising-dependent apps, when an app intends to track a user’s activity across apps or websites owned by other companies, it must first obtain user consent via a new security prompt. This applies to targeted advertising, advertising measurement, or sharing with data brokers, with exceptions available only in limited cases such as fraud detection or prevention. Essentially, Apple is taking its Intelligent Tracking Prevention principles from Safari and applying them to apps, putting users in control of whether their data is shared or not.
Apple will now require users to opt-in to advertising ID which is used by ad networks for ad personalization. This is a strategy credit since they get to wave the privacy banner, it hurts ad businesses like Google’s 📉 and makes it more likely games will monetize with IAP (30%💰) pic.twitter.com/StyYM9lTqc
— Dare Obasanjo (@Carnage4Life) June 22, 2020
Continuing this trend of guarding against unwanted third-party tracking, a new option in the Settings app helps better secure your Wi-Fi network activity via a private address. When you activate the Private Address toggle, which is accessible under a network’s information screen, your device will use a separate MAC address for each network you connect to, rather than a single address that can be used to trace your movement and activity across different networks. Not only that, but the unique MAC address on each network will be refreshed with a newly generated one every 24 hours, providing even greater comfort that you’re not being tracked from home to the office to the coffee shop and back, and that your network activity in these various locations can’t be strung together to build a profile.
Another network-related feature is that apps wishing to access your local network will need permission granted via a new security prompt. This follows a similar pattern as last year’s Bluetooth alerts, but for local network access instead, and is intended to prevent unwanted gathering of information from a network about a user’s other connected devices and activity. The new security prompt will read, “[App name] would like to find and connect to devices on your local network”, and you can easily decline permission.
Rounding out the privacy features I’d like to highlight are two transparency tools which are sure to be quickly noticed by all users: clipboard alerts and camera and microphone indicators.
Any time an app accesses the contents of your clipboard in iOS and iPadOS 14, the system will present a banner at the top of the screen to inform you of this – even if you directly caused the action by hitting an app’s Paste button. This change can be a relatively non-intrusive confirmation of an action you’ve taken, but it can also inform you when an app is trying to harvest data you don’t want it to. Some apps have been found to check the clipboard’s contents with no visual indication that this was happening, but Apple’s ensuring that behavior can’t occur anymore without being known.
It’s one thing to display the alert when you manually paste, or to do so as a way to expose bad actors, but there’s a scenario that falls in-between these two cases: apps that check the clipboard without user input, but for the sake of offering valuable functionality.
As was recently explained by Benjamin Mayo for 9to5Mac, an app like Apollo does this to see if there’s a recently copied Reddit link it can load in-app. It’s a nice feature, but in iOS 14 it comes at the cost of seeing clipboard alerts too often. However, there’s a new API developers can implement which should reduce the number of alerts users receive. Mayo explains:
In previous iOS releases, the only way for an app to know what kind of textual information was on the clipboard was to copy it out and check after it has been accessed… When updated to use [the new API], an app can query the clipboard for the kind of textual data it contains without actually getting access to it. An app can know upfront if the clipboard contains a URL or a web search, for instance.
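A sketch of the pattern Mayo describes, added here as an example and not taken from 9to5Mac, Apollo, or the original article. It assumes the API in question is UIKit's `UIPasteboard.detectPatterns(for:completionHandler:)` from iOS 14; the view controller and button names are hypothetical. The app first asks only what kind of data is on the clipboard, and reads the contents only after the user taps.

```swift
import UIKit

// Hypothetical screen in an app that offers to open a recently copied link.
final class LinkSuggestionViewController: UIViewController {
    // Hypothetical button, shown only when the clipboard probably holds a URL.
    private let openCopiedLinkButton = UIButton(type: .system)

    override func viewDidLoad() {
        super.viewDidLoad()
        openCopiedLinkButton.setTitle("Open copied link", for: .normal)
        openCopiedLinkButton.isHidden = true
        openCopiedLinkButton.frame = CGRect(x: 20, y: 80, width: 200, height: 44)
        openCopiedLinkButton.addTarget(self, action: #selector(openCopiedLink),
                                       for: .touchUpInside)
        view.addSubview(openCopiedLinkButton)
    }

    override func viewDidAppear(_ animated: Bool) {
        super.viewDidAppear(animated)
        checkClipboardKind()
    }

    // Ask only which patterns match; the clipboard contents are not returned.
    private func checkClipboardKind() {
        let wanted: Set<UIPasteboard.DetectionPattern> = [.probableWebURL]
        UIPasteboard.general.detectPatterns(for: wanted) { [weak self] result in
            let looksLikeURL: Bool
            switch result {
            case .success(let found): looksLikeURL = found.contains(.probableWebURL)
            case .failure: looksLikeURL = false   // on error, offer nothing
            }
            // The completion handler may run off the main queue.
            DispatchQueue.main.async {
                self?.openCopiedLinkButton.isHidden = !looksLikeURL
            }
        }
    }

    // The contents are read only here, after an explicit tap by the user.
    @objc private func openCopiedLink() {
        guard let text = UIPasteboard.general.string,
              let url = URL(string: text.trimmingCharacters(in: .whitespacesAndNewlines)),
              url.scheme == "https" else { return }
        UIApplication.shared.open(url)
    }
}
```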
After a couple months using the iOS and iPadOS 14 betas, I’ve grown accustomed to the clipboard alerts such that they don’t bother me at all. In fact, in one particular scenario they’re actually quite nice: pasting something that was copied on a different device. Apple’s Universal Clipboard feature, which falls under the Continuity feature set, works with the new clipboard alerts to confirm that what you just pasted came from a different device. For example, while writing last week on my iPad, I pasted something that was copied from my iPhone and received a banner that said ‘Ulysses pasted from iPhone.’ Most of the time you can see the pasted contents immediately, but in this case I was pasting on to selected text to embed it with a link. In the past I would have needed to then open the URL content block to verify that the correct link was embedded, but the alert was confirmation enough so I was saved that step.
Camera and Microphone Indicators
Many iPhone and iPad users have wondered at times whether their devices are listening to or watching them without their consent. I’ve heard several anecdotal tales of a friend or family member discussing something with another person then shortly afterward using their iPhone and finding an Instagram ad for the kind of thing they had just talked about. This year Apple is trying to provide users with extra peace of mind about what their devices are doing while exposing any misbehavior an app might engage in.
After updating to the latest software this fall, whenever the camera or microphone is activated on an iPhone or iPad, you’ll see either a green or orange dot appear in the top-right corner of the display, where it will remain until the camera or microphone is no longer in use. The green dot is for camera activity, while orange represents the microphone. The dot is small enough that it’s not distracting, while nevertheless remaining noticeable. And even if you don’t catch it in the right moment, a new feature of Control Center is that it will inform you of any app that recently used either the camera or mic.
For several years now, Apple has leaned heavily into privacy as one of its core values, and the work the company produces each year backs that up. We see it in hardware like the Secure Enclave that first debuted with the iPhone 5s all the way up to the T2 Security Chip on Mac, which relies on that years-old foundation. But even more so, we see privacy all throughout the software that integrates with Apple’s hardware to do on-device processing, make an app or website’s activity transparent, and much more. This year’s roster of privacy features is impressive, demonstrating how comprehensive and deeply-rooted in its products Apple’s philosophy is.
Though one common criticism of Apple is that the company keeps customers ‘safe’ by taking away functionality, I don’t think that’s at all a fair assessment of this year’s privacy enhancements. Rather than limiting what a user can do, they instead simply give users more options and greater transparency to make their own choices with their data. I believe this is the best approach that could be taken. If a user wants personalized ads, they can grant all the permissions they want – the important thing is that they get to make that choice themselves.
There’s always more a company can do to prioritize user privacy, but I’m pleased with the path Apple’s on in 2020. Its years-long privacy focus has a lot of user benefits to show for it, and that’s sure to continue being true moving forward. This is a big year for privacy, but Apple shows no signs of slowing down now.