Apple previewed its new operating systems this week at the company's annual Worldwide Developers Conference (WWDC), and among the many features presented, there is a wide range of new security and privacy tools. Here's an overview of what's coming this fall.
Sign In with Apple
The most impressive new privacy feature Apple announced is Sign In with Apple, a service that will allow app developers and websites to provide a button so users can sign up to services anonymously. Think of the many websites you visit or apps you use that let you sign in with your Facebook or Google account. This is practical, because you don't need to create a new login and secure password, but it gives those companies the ability to track even more of your activity.
With Sign In with Apple, you can either enter your name and email address, or you can choose to be assigned a random email address for the site or app that is forwarded to your iCloud email address, in the format firstname.lastname@example.org.
There are a number of advantages to this. Your identity is protected by two-factor authentication (assuming you have activated this, though it appears Apple may require it for this service), and you'll even be able to authenticate on websites and apps via Face ID or Touch ID. You won't need to remember the email address, and you'll have the ability to kill the address at any time, such as if you start receiving spam. Apple won't track you, and no data will be provided to third parties. And if you use a relay email address, you are protected from data breaches: if a site or service exposes user data, your random email address won't allow hackers to access any of your other accounts.
Sign In with Apple will work on all of Apple's platforms: macOS, iOS, iPadOS, tvOS, and watchOS.
It's worth noting that Apple will require that app developers who use third-party sign-in systems — such as Facebook, Google, or Twitter — also add Sign In with Apple to their apps.
Bear in mind that this can be a form of platform lock-in, just as signing in with Facebook or Google can keep you linked to their platforms. It's not clear whether you'll need to use an iCloud email address in order to receive these forwarded emails; many people don't use an iCloud email address as their Apple ID, so presumably this will work with any email domain.
Activation Lock on Macs
If you have a Mac which contains the T2 security chip — which includes the Mac mini, MacBook Air, and MacBook Pro from 2018 or later, and the iMac Pro — macOS Catalina will offer Activation Lock. This means that if your Mac is lost or stolen, you'll be able to lock it so no one else can use it. This already exists on the iPhone and iPad, and adding it to the Mac is a great idea. This should limit thefts of Macs, as a locked device simply cannot be used.
Apple has renamed its Find My Mac/iPhone/iPad, the app that lets you locate your Apple devices, to just Find My. The company is also merging Find My Friends into the same new Find My app. In addition, a new feature will allow Find My to locate devices that are offline, as long as they are asleep, using crowd-sounded location data. As Apple explains:
When you mark your device as missing and another Apple user’s device is nearby, it can detect your device’s Bluetooth signal and report its location to you. It’s completely anonymous and encrypted end-to-end, so everyone’s privacy is protected.
Approve with Apple Watch
If you've ever used your Apple Watch to approve a payment on your Mac by double-pressing the side button, you know how easy this is. Since the Apple Watch has identified you via your iPhone, this identification can be safely used to communicate with other Apple devices. Apple is extending this to some system features that currently require that you enter a password: opening secure System Preferences panes, viewing passwords in Safari, approving app installations, and even modifying root files.
HomeKit Secure Video
HomeKit Secure Video will allow you to use a security camera whose data is encrypted and sent to iCloud, so no-one can peek at what goes on in your home. Apple points out that this is free, and doesn't count against your iCloud storage plan.
Apple is also working with router manufacturers to create HomeKit-enabled routers for additional security. These routers will prevent Internet-of-things devices from sending data outside your home. (It's a shame that Apple doesn't make routers any more...)
New Location Controls
iOS 13 adds new location controls, so you can allow an app to access your location just once, instead of the current settings which are Always or When using the app.
Apps for Kids: No More Tracking
Apple is banning the use of tracking technology in apps that are sold in the Kids category on the App Store. These apps will no longer be allowed to include third-party advertising or analytics.
More iOS Features
iOS 13 also sees enhanced Wi-Fi and Bluetooth privacy features, strengthened anti-fingerprinting protection in Safari, and the ability to remove location information from photos you share.
More macOS Features
Apps on the Mac will need permission - asked once, when first needed - to access files in your Documents or Desktop folder, in iCloud Drive, and on any external volume connected to your Mac. You'll also be prompted when any app can capture your keystrokes or take a screenshot or video of your screen.
macOS will run in its own private, read-only volume, so there will be no way for malicious apps to write files to the volume or alter existing files, or no way for you to accidentally delete key files. The installation of macOS Catalina creates two volumes, one with the operating system, and another with data, segregating the two types of files.
Apple is doubling down on security and privacy, and this is an impressive list of new features. We'll keep you posted as more information about these key features becomes available.
How can I learn more?
We discuss these new security and privacy features and other WWDC 2019 announcements in episode 86 of the Intego Mac Podcast. Be sure to subscribe to make sure you don't miss any episodes! You'll also want to subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.