Making the most of iOS’ new security capabilities
SOME NEW TOOLS AWAIT.
IF YOU HAVE an iPhone 6 Plus or later, in September you would have received a major iOS update, taking you to the new version 13. Like most of us, you probably just accepted the update and thought no more about it. But it’s actually worth paying attention to this one, as it adds some very useful new security features that you should make best use of.
ONE-TIME LOCATION DATA
One of the key security issues with most mobile phones is location tracking. If you give an app access to location data, it’s entirely possible for that app to upload your current location as well as track your every movement. And more than a few apps did just that, selling your location data to advertisers and retailers (and shadier enterprises besides).
Originally, location tracking was an all-or-nothing thing: either an app had access to your location data or it didn’t, which could be a tough call if location was central to an app’s functions. Later, Apple added the option to only allow an app to track location when it was actively in use (to prevent them from always tracking your location in the background).
Now in iOS 13, Apple has added the option to only allow the app to access your location once, after which location access is revoked. That means the next time you try and use the app, you’ll get the same popup asking for access again. This might seem annoying, but it’s certainly better than giving many apps carte blanche access to your location.
BLUETOOTH PERMISSIONS
Access to the Bluetooth sensor is now something that you have to authorise. Previously, Bluetooth access was automatically granted to apps. The reason for this is that some apps – most notoriously the Macy’s app – were using the Bluetooth sensor purely for tracking. Macy’s stores in the US would track user’s movements around the store using in-store beacons working in conjunction with the Macy’s app. The app would sense a nearby in-store Bluetooth beacon, and send a message back to Macy’s that the user was now standing near that beacon.
SIGN IN WITH APPLE ID (USING A BURNER EMAIL)
Plenty of sites and apps already have a ‘Sign in with Google’ or ‘Sign in with Facebook’ function, which allows you to use your Google
ONE OF THE KEY SECURITY ISSUES WITH MOST MOBILE PHONES IS LOCATION TRACKING. IF YOU GIVE AN APP ACCESS TO LOCATION DATA, IT’S ENTIRELY POSSIBLE FOR THAT APP TO UPLOAD YOUR CURRENT LOCATION AS WELL AS TRACK YOUR EVERY MOVEMENT.
or Facebook login to sign into the site. It’s convenient; though as we have noted previously in this column, has significant security implications as you may give a site greater access to your Google or Facebook account than you realise, and it also gives them access to your personal information (including your personal email address) and links their site login to a specific Google or Facebook identity.
Apple has now entered the fray, but with a twist. With iOS 13, Apple has added a Sign in with Apple ID option, where apps or sites can use your Apple ID to provide a quick login. It works a lot like the familiar Google or Facebook logins, but with one notable extra option that it is important to be aware of.
When you use the Apple sign in, Apple will ask you if you would like to hide your email address. If you say yes, Apple will create a burner email address to be used in that login, hiding your real email address from the website. It’s rather like that old security trick of having a variety of ‘junk’ email address that you use to sign into websites that seem dodgy, so you can keep your real email address away from the spambots. Apple has baked that right into the sign in process, preventing sites from easily getting hold of your email address.
If the website or app later tries to contact you, Apple will forward a note to you so that you’re aware of it, but you don’t have to see the email in your inbox.
SILENCE UNKNOWN CALLERS
This is something we touched on in the last issue of TechLife: the capacity to simply silence all calls from people who aren’t in your contacts list. If your phone doesn’t know who a call is coming from, then they get sent straight to voicemail.
It’s a little heavy handed, to be sure, but with the volume of nuisance calls reaching astronomical levels you might feel it necessary for your sanity.
You can find the option to Silence Unknown Callers in Settings > Phone. It’s a simple switch that, once turned on, will automatically route unknown callers straight to voicemail. You’ll be sent a notification of their call.
STOP SIRI SPYING
iOS 13.2 (which was still in beta at the time of writing) is adding some new options to stop Siri from gathering data on you as well. There are two new options in the settings: one is to prevent Apple from gathering voice samples from you for use in improving Siri’s dictation; the other is to delete your Siri search and dictation history.
You can find the first in Settings > Privacy > Analytics & Improvements (the setting previously known just as Analytics). This section, you’ll see, has been expanded, and there’s now an option to switch off Apple’s collection of your voice data.
Deleting your Siri question history can be done in Settings > Siri & Search. Tap on Siri & Dictation History, then on the option to delete it. This will remove it from Apple’s servers.
HOMEKIT SECURE VIDEO
Another option being newly introduced in iOS 13.2, this one is more niche than the others, but is notable for those who might use Apple’s HomeKit home automation systems. When a HomeKit camera captures video (for example a security or doorbell camera), it normally uploads it to the cloud for analysis and viewing.
Secure Video adds an extra layer of security on top of that. It can now send the data locally to an iPod, HomePod or AppleTV for initial analysis. Then it will be encrypted before it’s uploaded to the cloud for remote viewing. It’s encrypted so that not even Apple can view the captured footage. A few camera manufacturers have already announced support, and it’s a sign that Apple continues to take privacy very seriously – far more seriously, we dare say, than its rivals like Google and Facebook.