Apple + Recommended + Security & Privacy

Why iOS 12 is huge for security and privacy

Posted on by

Apple held its yearly Worldwide Developers Conference (WWDC) keynote on Monday, June 4, 2018. Apple’s CEO Tim Cook, SVP of Software Engineering Craig Federighi, and other Apple executives and engineers took the stage to share what’s coming in the next versions of iOS, watchOS, tvOS, and macOS.

Stay tuned to The Mac Security Blog for more coverage of WWDC 2018, coming soon!

There are some great new consumer-oriented features in each operating system, from Memoji to Walkie-Talkie to Zero Sign-on to Desktop Stacks. But as a security researcher and journalist, what stood out to me was something that probably barely registered for most people watching the keynote.

iOS 12 Will Support the Same Devices

What’s most exciting to me about iOS 12 is that it will be compatible with all iPhone, iPad, and iPod touch devices that support iOS 11—including the iPhone 5S and the original iPad Air, which were released in late 2013, about five years before iOS 12 is scheduled for release.

iPhone 5S introduced Touch ID and Secure Enclave. Image: Kārlis Dambrāns

Federighi explained that a major focus of iOS 12 is increased performance. This is great for users of devices that have felt sluggish since upgrading to iOS 11, whether due to battery-related throttling or for other reasons. Because iOS 12 will improve device speed, it was logical for Apple to extend that benefit to users who are upset about the performance of iOS 11 on older devices.

From my security-focused view, the fact that iOS 12 will run on the same devices as iOS 11 is a really great thing from a security and privacy standpoint.

Why? Because any new security and privacy enhancements that come in iOS 12 (as well as later updates, such as 12.1, and so on) will be available to a lot more devices.

You might be aware that for the past few years when Apple has released iOS 9, 10, and 11, each dropped support for some older hardware. What you might not know is that, while Apple has traditionally released security updates for the current and two previous versions of macOS, Apple’s approach to iOS updates is different; only the current version of iOS gets security fixes.

By making iOS 12 available to all the same devices that support iOS 11, more devices in active use today will be able to take advantage of the security and privacy enhancements and bug fixes that will only be available in iOS 12.

Users of certain older devices—including education customers, which often hang onto older iPads longer than consumers—are indeed fortunate that Apple has chosen to extend the useful life of their hardware for at least another year.

Even if Apple were to announce no further security or privacy features for iOS 12, the fact that Apple isn’t leaving behind any iOS 11 compatible devices is a great thing.

Apple should be commended for choosing to continue releasing security updates for older devices, even if security may not have been Apple’s primary reason for making iOS 12 support the same hardware.

But wait, there’s more! Apple’s iOS 12 preview and new features pages list several specific security and privacy related features in the upcoming mobile OS.

Password and Authentication Enhancements

One clever enhancement in iOS 12 is that “SMS one-time passcodes will now appear automatically as AutoFill suggestions,” so two-step authentication will be easier than ever.

Third-party password manager apps can adopt iOS 12’s new Password Manager API, which will enable users to quickly fill in passwords using the QuickType bar in Safari and other apps.

Passwords can be easily shared from an iOS device to a nearby Mac, Apple TV, or another iOS device.

Apple also said, “If you ever need to access your [iCloud Keychain] passwords, just ask Siri.” Oh, really? Let’s hope Siri won’t blab your passwords aloud to anyone who asks for them. Rather, Apple probably means that you’ll be able to ask Siri to take you to your “passwords list,” which presumably means that Siri will first confirm your identity via Face ID or Touch ID, and then transport you directly into the password manager (which you can currently find in iOS 11 by going into Settings > Accounts & Passwords > App & Website Passwords > iCloud).

Safari Privacy and Security Enhancements

Several new security and privacy features overlap with those coming to macOS Mojave 10.14, which we’ll cover soon in a separate article. For example, the version of Safari included with iOS 12 offers enhanced tracking protection to make it more difficult for your device to be uniquely fingerprinted by advertisers.

Another feature shared with macOS Mojave is “automatic strong passwords,” which means that Safari and iOS apps can automatically create, autofill, and store passwords in iCloud Keychain and be instantly available on your other Apple devices. Moreover, passwords that have been reused between multiple services “will be flagged in the passwords list,” making it easy for you to find them so you can replace them with more secure, unique passwords.

For more about the security and privacy features that overlap with iOS, stay tuned for our macOS Mojave article.

When Will iOS 12 Be Available?

Apple says that iOS 12 and its other new operating systems will be available in the fall, which could mean anytime between September 22 and December 21, 2018. Apple usually releases major iOS and macOS updates in September.

If you’re feeling adventurous, you can join Apple’s developer program for $99 (U.S.) to get access to the developer preview versions now. Or you can sign up for Apple’s public beta program (free) and get access to beta versions of iOS, macOS, and tvOS in “late June.”

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which has often been featured by major news outlets worldwide. Look for more of Josh's articles at and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →