ConsultMyApp

View Original

iOS 17 Security And Privacy Features: The New iPhone Updates

Right now, the demand for more convenient new iPhone features is changing faster than ever, and it isn’t slowing anytime soon. 

Yes, the features we use on our iPhones are changing at an ever-increasing pace. As a result, you sometimes have to compromise between privacy and convenience on your device. If you have an app in the app store, then so do your users.

Apple has famously always worked hard to give us the best of both worlds. Now they are on a mission to push this even further to the forefront of the iPhone marketing message.

Security and privacy features coming soon - new privacy levels

While the new iOS 17 and iPadOS 17 launches have brought us convenience features like visual searches and dynamic widgets, there's a big focus on privacy and security updates.

If you are currently developing an app, then you need to pay close attention to staying on the right side of the updated rules and maintaining users' trust.

The ConsultMyApp team has collected the most important insights into iOS17 security and privacy updates to give you a clearer idea of what to expect and how you can adapt to these changes successfully. 

What are Apple’s privacy manifests?

Privacy manifests, often referred to as privacy manifest files, are one of the latest Apple iOS 17 privacy and security features.

Their primary purpose is to offer app developers a clear picture of data collection and usage by the third-party SDKs they integrate. 

 Additionally, iOS 17 brings in the required reason APIs, an essential component that must be documented within each privacy manifest.
As Apple describes, privacy manifests as a comprehensive list detailing the data types your app or its third-party SDK gathers and the reason APIs are being utilized.

So, what does working with privacy manifests entail?

In short:

1. Apps and SDKs produce privacy manifests.

2. Xcode combines these into the Privacy Report for developers.

3. Developers use this to make their Privacy Nutrition Label, which users can view on their devices.

10 Apple security updates and privacy features in iOS 17

  1. Restrictions on Device Fingerprinting

  2. Lock Private Windows in Safari with Face ID

  3. Better Tracking Prevention

  4. New Photos Privacy Permissions

  5. Enhanced Lockdown Mode

  6. Auto-delete Verification Codes

  7. Automatic Check-in Texts in Messages

  8. Password Groups for Apple Keychain

  9. Automatic Passkeys for Apple Login

  10. Silence Unknown Calls with Live Voicemail

Restrictions on device fingerprinting

According to Apple, new updates for iOS 17, tvOS 17, watchOS 10, and macOS Sonoma will have stricter rules regarding fingerprinting.

Developers must explain why they use certain APIs in their app's privacy list. If they don't, their apps might get rejected from spring 2024.

To combat potential misuse, Apple mandates app creators to clearly state their intent if employing certain APIs by Fall 2023, particularly:

  • Active Keyboard

  • Disk space

  • File timestamp

  • System boot time

  • User defaults

Lock Private Windows in Safari with Face ID

Apple's new version of iOS has stepped up browsing privacy in Safari. Now, private tabs lock and only unlock with user biometrics. Another new feature is that Apple has revamped how you arrange all active tabs.

 Here’s how:

  • Go to Safari settings.

  • There's a new choice to turn on Face ID for Private Browsing.

  • When you switch to your Private tabs, they appear locked.

  • Tap “Unlock”, confirm with Face ID, and your tabs become visible.0-

Apple isn't just limiting Safari private browsing to iOS. Over on macOS Sonoma, users get a similar feature. 

The difference? They’ll authenticate with a password or Touch ID. It might not be Face ID, but it’s still a solid layer of protection.

Link tracking protection in iOS 17

With the new iOS 17 features, Apple is taking a firmer stance on UTM tracking links, impacting web-ad attribution.

While UTM trackers are crucial for marketers, Apple's new Link Tracking Protection removes certain tracking elements from URLs accessed via Safari's Private Browser Mode and native apps like Mail & Messenger. 

This change might seem minor as it affects a limited traffic source. However, it could signal the beginning of a larger privacy move from Apple.

Though UTM parameters will be removed, links will still direct users to their intended sites. Currently, only specific parameters, like those from Google and Facebook, are targeted, but this could expand. If this reaches other Marketing Automation tools, it could result in the loss of vital campaign data.

With iOS 17 comes new photos privacy permissions 

In the iOS 17 update, Apple has redefined photo privacy, giving iPhone owners tighter control over their Photo Library access. The revamped Photos picker now allows new iPhone Xs users to specify which photos an app can access, safeguarding the rest.

Users can opt for:

  • Limited Access: Share specific photos with apps. Later adjustments can be made in the iPhone privacy and security settings.

  • Full Access: Let apps see all your photos and videos. iOS 17 clearly indicates the number of items you're sharing.

  • None: Block any access.

  • Add Photos Only: Apps can add photos without viewing the existing ones. Note: Not all apps support this.

For a more transparent overview, the Settings app displays the access level granted to each app. Periodic reminders will also nudge users to reconsider apps with full access, which advocate for more secure limited access.

When new apps are installed, users decide between limited or full photo access, moving away from the earlier blanket access. 

Enhanced lockdown mode

Introduced in iOS 16, Lockdown Mode is coming in iOS 17 and offers enhanced privacy, especially for those wary of advanced spyware or surveillance threats.

It strengthens defenses by shutting down certain features often exploited by malicious software, such as iMessage and HomeKit. 

This safety feature steps up the barrier against unwanted breaches and data leaks similar to the one seen in the Apple Watch back in 2022, when a vulnerability meant that it was possible for hackers to obtain private data from users.

When you share pictures in lockdown mode, your location is concealed. The feature also prevents connections to unsecured Wi-Fi and 2G, reducing exposure to threats from network spying and devices like stingrays, which are notorious for capturing cellular information.

How to activate lockdown mode: 

  • Go to Settings.

  • Scroll down to “Privacy & Security”

  • Scroll to the bottom to find “Lockdown Mode”

  • Turn on lockdown mode

  • Restart your phone 

Auto-delete verification codes

If you are a regular user of 2FA codes via SMS, auto-deleting verification codes in Messages and Mail is a simple but very effective game-changer for your security. 

After you use the AutoFill feature, codes can be set to vanish automatically. This keeps your Messages feed much cleaner. 

While primarily a feature for ease, it does offer a slight edge in security.

You can activate this in less than 15 seconds:

1. Open Settings.

2. Select Passwords.

3. Choose Password Options and turn on Clean up Automatically.

Automatic check-in texts in message

With iOS's new "Check In" feature for iPhone users, sharing your location has never been simpler. Users can choose to share their anticipated arrival times with friends, who, in turn, can monitor their real-time location. If anything seems unusual, friends are promptly alerted.

You can choose the amount of data you share. For example, use “Limited” to share location, network signal, and battery level. Use “Full” to add the route traveled, the location of the last ‌iPhone‌ unlock, and the location of where the Apple Watch was last removed.

Note: All location data is end-to-end encrypted by Apple, upholding user privacy and eliminating the reliance on third-party apps that could compromise location details. 

 Password groups for Apple Keychain

With iOS 17, Apple elevates user experience by introducing automatic passkeys in its Keychain. This feature streamlines the Apple Login process, providing both seamless access and enhanced security.

Here's how:

1. Access the settings menu.

2. Navigate to Passwords.

3. Utilize the "New Shared Group" option by tapping the plus sign.

4. Set up shared access to ensure that the system automatically manages and secures passkeys for specified accounts.

Automatic passkeys for apple login

In iOS 17, Apple introduced an understated yet transformative feature: automatic passkeys. Your device now doubles as both a password and a two-factor authentication (2FA) key for Apple Login.

Here's a breakdown:

1. Attempting to log into Apple.com, you'll see two options: Your standard password or the new "Sign in with iPhone" alternative. 

2. Choose the latter, and a QR code appears.

3. Scan it with your iPhone, confirm using Face ID, and you're in.

This method bypasses traditional passwords, enhancing security. It's clear that iOS 17 is propelling us towards a password-less future.

Silence unknown calls with live voicemail

Don’t you hate it when you get a spam call? Whether it disturbs you while you’re in the middle of something or you’re misled by thinking that’s the call you’ve been waiting for all day, it’s enough to spoil your mood, severely. 

Luckily, Apple has put an end to it. iOS 17 debuts a "Silence Unknown Callers" feature. Here is how it prevents spam calls for good:

1. Activate the feature, and any call from a number not in your contacts goes straight to voicemail.

2. Instead of just a beep, you get a Live Voicemail: a real-time transcription of the message being left. 

3. You can read the transcription as it's being recorded, allowing you to decide if you want to jump in.

Everything happens on-device, ensuring privacy. This feature cuts down on disruptions and keeps your iPhone junk-free and your mind at peace.

When will Apple enforce iOS 18’s announced security updates?

So, when did these security updates come to life? Here's a brief summary of Apple's iOS 17 privacy roadmap as of September 2023:

 September 2023:

  • Public release of iOS 17. The described privacy enhancements will be activated starting in Fall 2023.

 
Fall 2023:

  • Apple reviews new and revised apps for the presence of privacy-affecting SDKs.

  • Developers receive emails if their SDKs miss a signature or privacy manifest

  • Alerts also go out to developers of apps tapping into necessary reason APIs without valid explanations.

Spring 2024:

  • SDK signatures and privacy manifests become mandatory and integrated into the App Review step.

  • Any app discrepancies noted by Apple must be resolved before App Store listings.

  • Full implementation of the stated privacy shifts will commence in Spring 2024.

Today, when privacy is so easily compromised, it's great to see Apple's commitment to user security. This also reinforces their place in the market as a secure ecosystem for users, which as done so well for them in the past.

With iOS 17, they're not just raising the bar; they're redefining it. By weaving new security and privacy features into our daily digital routines, Apple ensures we can connect, share, and explore without being compromised.

Shifting towards a privacy-centric approach isn't just a necessity; it's a unique opportunity for you to get your app to the next level. Remember, adapting proactively isn't about playing catch-up; it's about leading the way.

Need specific advice on your app's direction? It’s what we do. If you think you might have a question relating to app security or app marketing then  Contact the CMA team.

See this gallery in the original post