In recent months, Apple has taken steps to improve user security and privacy. In February 2020, Apple announced that they had joined the FIDO (Fast Identity Online) Alliance. The Alliance’s goal is to help augment less secure forms of identity verification (such as passwords) by pairing them with more secure forms of authentication such as security keys and biometrics. Though this is noteworthy, Apple is also one of the last large tech companies to join the Alliance, whose ranks already included Amazon, Google, Facebook, and Microsoft.
The release of iOS 14 last September brought with it improved security features, and though users have been overwhelmingly supportive of these changes, advertisers such as Google and Facebook are much less enthusiastic.
What is the FIDO Alliance?
FIDO Alliance was founded in 2012 by a group of tech companies, including PayPal and Lenovo, with a mission to create authentication standards that reduce society’s reliance on passwords by promoting the widespread adoption of multi-factor authentication U2F tokens and biometrics.
The Alliance aims to replace password-only logins with more secure login experiences for both websites and apps by promoting other forms of authentication, including security keys and biometrics (such as voice authentication, fingerprint scanners, and facial recognition).
Apple added the ability to use FIDO-compliant security keys during its 13.3 iOS update.
What New Features Does iOS 14 Bring With It & How Do They Aim to Improve Security?
iOS 14’s new security features include:
Camera & Microphone Use Alerts
Though all apps on iOS already had to explicitly ask for permission to use the camera and microphone, starting with iOS 14, you will now be alerted whenever an app is accessing your camera or microphone. This is done using a dot in the upper right-hand corner: A green dot means your camera is currently in use, and an orange dot means the app is using your microphone.
The goal of this feature is to ensure you are never recorded without your knowledge.
Limit Photo & Location Access
This update offers a more granular configuration for your photo and location settings. This allows you to specify whether an app can never access location data, always access location date, or only access this data when the app is open or when you have granted explicit permission.
The new Precise Location toggle switch also allows you to grant an app permission to know your general location while keeping your exact GPS coordinates private.
This update also allows users to specify whether apps can access all, none, or a few select photos.
Flagging Bad Passwords
Though Apple has had the ability to sync your login credentials across various accounts on your Apple hardware via iCloud for a while now, they have now implemented a password monitoring system that will alert you if your credentials are spotted during a data breach. This helps ensure potentially compromised credentials can be changed as soon as possible.
Discouraging Wi-Fi Tracking
Whenever a device connects to the internet, it is assigned a MAC (media access control) address, which allows your local network to keep track of the device. In recent years, internet service providers and, by extension, advertisers have been using this data to determine the time and place of your device when you log in.
To discourage this form of tracking, iPhones are now granted a new MAC address for each unique wireless network they connect to. This means your iPhone or other Apple device will have one MAC address for your home network, one for your work network, etc.
This feature is enabled by default on every new network you connect to.
Keeping an Eye on Your Clipboard
Data grabbing apps have proliferated in recent years, snooping on your clipboard even if you haven’t given them permission to do so. iOS 14 means that you are alerted when an app accesses your clipboard: if you just copied or pasted something, that is fine, but if you haven’t, you now know the app you are using is likely gathering data without your permission for their own purposes.
Most app companies quickly re-configured their products to eliminate this form of unauthorized data collection once Apple implemented this feature during beta testing and made this behavior public, but this feature helps ensure that underhanded app companies are no longer tempted to snoop where they aren’t explicitly welcome.
Privacy Reports from Safari
Though Apple has blocked cross-site tracking cookies in Safari for quite some time (a feature that makes it more difficult for advertisers to string together your browsing history across various websites), this feature has been improved in iOS 14 by adding the privacy report feature.
This feature gives you more details regarding what effect this blocking has on your browsing by showing you how many individual trackers on each page have been blocked over the past month. The reports don’t have an interactive component but do provide helpful information.
Coming Soon – Limiting App Tracking
Though pushback from advertisers means this feature won’t be fully implemented until sometime in 2022, there are still steps users can take now to curtail apps’ ability to track you outside of the actual app itself.
However, even if you don’t explicitly give an app permission to track you, they may still try to do so per their individual privacy policies, curtailing users’ ability to opt-out of advertising tracking until this new feature is fully implemented.
Coming Soon – Improved Access to App Privacy Information
Though this feature is also not yet live, Apple did announce that one iOS 14 feature that is also coming soon is app privacy cards. These cards are designed to give users a clear picture of the types of data each app collects and how that data is used.
What Does This Mean For Advertisers?
It’s become common wisdom that if a product or service is “free,” then the users (or, more specifically, the data they generate) is the real product. Apple’s approach to improved privacy and security, even with significant compromises on limiting app tracking, has the potential to severely impact the ad targeting business. While this is good news for users, advertisers are not as excited.
Facebook, in particular, has already pushed back hard, announcing that its Audience Network will no longer use IDFA (identifier for advertisers) gathered from iOS devices because they can no longer guarantee the quality of that data collected. Google has also announced that they will remove select forms of advertiser tracking technology from popular apps (including Maps and YouTube) in response to Apple’s decision.
“When Apple’s policy goes into effect, we will no longer use information (such as IDFA) that falls under ATT [the App Tracking Transparency feature] for the handful of our iOS apps that currently use it for advertising purposes. As such, we will not show the ATT prompt on those apps, in line with Apple’s guidance.“ Google Ads’ group project manager Cristophe Combette stated in the blog post responding to Apple’s changes.
Though GDPR and CCPA opened the door for more transparency into what information is gathered and used to track users, this change from Apple could represent a turning point when it comes to data security and privacy. Having agency over what data is collected (and how) is critical for any good cybersecurity posture by helping you maintain full visibility into your infrastructure by better monitoring endpoint activity. For more information about cybersecurity, or find out how your team can better safeguard your digital assets, please contact our team today.