While iOS 12, slated to debut this fall, may be low on big headline-grabbing features, Apple has positioned the next version of its mobile platform as safer and more secure for users. The company debuted a handful of the most notable updates at its developer conference keynote on June 4, but since then, developers have shared a number of more subtle changes the company has made as they explore its newest APIs. One such example is the way it handles password management—making it easier for users to adopt good password security practices—but there are five other ways Apple is quietly making your devices more secure.
Banning the collection of users’ friends or contacts
Apple recently updated its App Store review guidelines, and it made two notable changes. The first is an effort to minimize the amount of data developers can collect about a user’s friends or contacts, clearly in reaction to Facebook’s Cambridge Analytica scandal. Up until this point, the address book has been “a Wild West of data,” as one developer put it. As Bloomberg noted, app developers have been able to access a user’s phone contacts—names, phone numbers, addresses, and photos linked to a contact—and then, essentially, do what they want with that information, including use it for marketing or sell it to third parties.
Apple is now closing the door on that practice by banning developers from creating databases of users’ contacts. Apple also explicitly forbid the selling of that information to third parties. That is not to say that Apple is prohibiting access to your address book altogether. Apps can still, with your permission, use that information for things such as identifying whether you have any existing friends on the app or allowing you to send an invite to the app.
Banning cryptocurrency-mining apps
The second change Apple recently made to its App Store guidelines is explicitly barring cryptocurrency mining apps from the platform. The main reason for this is likely an extension of a previous App Store policy, which required that apps not “rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources.”
Cryptocurrency mining conducted on-device could quickly deplete a phone’s battery life. It also prevents developers from abusing their power: The Mac app Calendar 2 introduced an update in March that allowed it to mine for cryptocurrency in the background, eating up users’ CPU power until they killed the app. Apple removed it from its App Store shortly thereafter.
Apple does still allow cryptocurrency wallet apps and apps that mine crypto off-device, such as through the cloud.
Making two-factor authentication less of a hassle
In addition to expanding its password management and password-suggestion capabilities, Apple is also improving the way it handles two-factor authentication in an effort to make the security practice less of a hassle, and perhaps urge more apps to implement the feature.
In iOS 12, the system will automatically copy the code sent to your device so you can easily paste it into an app’s log-in page. When an app sends a unique code via SMS to the device you’re currently on, you won’t even need to open that message: The OS will identify the code, copy it, and make it an autofill option in the app.
Preventing sites from tracking your web browsing
One thing Apple did mention in its WWDC keynote was its implementation of new tools to help prevent websites from following users around the web. A number of websites and ad platforms use cookies to track your activities across the web and then use that information to build a profile on your identity and serve you with the most relevant ads. In iOS 12, the Safari browser will prevent those tools from harvesting data about your online activities unless you expressly allow permission.
It’s a particular dig at those social media Like and Share buttons: Now, Safari will give you an alert asking whether you want to allow a site such as Facebook to “use cookies and website data”—and unlike before, when Facebook could track your web browsing at will, you have the option of saying “No” and preventing Facebook from monitoring your behavior.
Through these “intelligent tracking protection” capabilities, Safari will also reduce the amount of data it shares with websites, which should make it harder for third parties to fingerprint you and your device. Apple also found that cross-site trackers tend to work together to better identify users. Safari’s tools minimize this as well.
Making it more difficult to crack your phone
Another change Apple is making is cutting off USB-based communications after one hour of inactivity. This will significantly hinder law enforcement officials who obtain devices they intend to crack through the device’s Lightning data port—if the device hasn’t been unlocked for more than an hour, that method will essentially become impossible. But as 9to5Mac notes, Apple is closing a security hole that could be exploited by any party with access to your phone. “You cannot have a security hole that is used only by the good guys,” 9to5Mac says. “Anything law enforcement can use with good intentions, criminals can use with bad intentions.”
Apple representatives said that in addition to protecting iOS users against unwanted access from criminals or spies, the change “will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under U.S. law.” Last year, Apple made another update to this end, giving iPhone users the ability to quickly disable Touch ID—and thus prevent police from forcing someone to unlock their phone with their thumb.
Apple has suffered its fair share of security issues over the years—serious bugs that could allow a malicious app to steal password credentials, the 2014 celebrity iCloud hack, and its products also being vulnerable to the Meltdown and Spectre chip flaws uncovered earlier this year—but updates such as these ensure that iOS users experience a more secure mobile platform.
