New security, privacy features in iOS 12 and macOS Mojave

SmartNA PortPlus - High Performance Visibility Solutions that scale with your network.

Apple has announced a slew of new features for iOS 12 and macOS Mojave (10.14), but also some security and privacy improvements that should make privacy-minded users very happy.

iOS macOS mojave security privacy

The improvements are mainly tied to Safari, which is the default browser offered by the company’s mobile and desktop operating systems.

“In Safari, enhanced Intelligent Tracking Prevention helps block social media ‘Like’ or ‘Share’ buttons and comment widgets from tracking users without permission. Safari now also presents simplified system information when users browse the web, preventing them from being tracked based on their system configuration. Safari now also automatically creates, autofills and stores strong passwords when users create new online accounts and flags reused passwords so users can change them,” the company noted.

MacOS Mojave also comes with new data protections that will require apps to get user permission before using the Mac camera and microphone or accessing personal data like user Mail history and Messages database.

Both iOS 12 and macOS Mojave will be made available this fall.

How will it work?

As explained by Craig Federighi, Apple’s senior vice president of software engineering, at the Worldwide Developers Conference on Monday, the next version of Safari will detect when a website tries to access users’ data or cookies, and will ask them whether they want to allow this.

He demonstrated for the audience how that would look in practice by showing Safari opening a news portal that uses the Facebook comment widget, and then showing a pop-up saying “Do you want to allow ‘facebook.com” to use cookies and website data while browsing ‘newsportal.com’?”

As these buttons and widgets are ubiquitous on the web, this could turn out to be a wake-up call for many who did not previously grasp the extent to which Facebook and other services tracked their online activity.

Anti-fingerprinting changes introduced in Safari will make websites “see” just simplified system information about the users’ devices. They will no longer be able to see configuration settings, plugins and non-default fonts in use, which is information that can be used to create a unique fingerprint of the users’ system and to track their online activity through it.

Unfortunately, there are many other fingerprinting techniques used by online trackers that these changes won’t be able to stop, but this is a good first step. Mozilla has also slowly been working on thwarting different ones, but it’s going to be a long game of whack-a-mole for all browser makers as new ways of tracking users are being introduced all the time.

Apple’s attempt to improve users’ passwords takes the form of integrated tools for generating strong passwords (and flagging reused ones), saving them into the iCloud keychain, and entering them into Safari and iOS apps when needed. Another new feature will allow the autofilling of one-time passwords provided by authentication apps.

The new iOS could also end up having a USB Restricted Mode, which will require the user to enter the correct device passcode if they want to access the data in it via a USB accessory after the phone has been locked for over an hour. This mode should thwart currently available third-party solutions used by law enforcement agencies to access data from suspects’ locked iPhones.

This particular feature is being tested, but has yet to be included in any of the beta iOS versions.