What security and privacy enhancements has iOS 13 brought?

With the release of iPhone 11 and its two Pro variants, Apple has released iOS 13, a substantial functional update of its popular mobile operating system.

But while many users are happy to finally get a complete Dark Mode for the device or a better phone camera, some are more interested in security and privacy enhancements.

Location data

On iOS 13, users will be able to control the location data shared with apps with more fine-grained controls:

Before, users were able to tell apps either not to use their location data at all, to use it just while the app is in use, or to use it always. Now there’s another, more temporary option: “Allow Once”.

Also, users will start seeing occasional notifications about apps tracking their location, which will prompt them to revise the current location tracking settings for that app. Depending on how often the app accesses the device’s location information, these notification can be rare or very frequent, and might spur some users towards disallowing location tracking for that app or in general.

Next: API changes and new controls introduced in the new OS version will help prevent apps from accessing users’ location without their consent while they are using Wi-Fi and Bluetooth.

Some applications don’t ask permission to access users’ location, but are using Wi-Fi and/or Bluetooth to learn it furtively. With iOS 13, apps will have to explicitly request permission to access Bluetooth or Wi-Fi data.

Also: When sharing a photo, iOS 13 users have the option to disable location sharing – though they have to remember to do that, as there is no way to make that choice permanent. (Although users can always able to choose to switch off location services for the Camera app.)

What else?

A few months ago, Apple debuted its Sign in with Apple single sign-on (SSO) authentication mechanism that, aside from offering an easier way to sign into apps and services, also allows users to hide their email address from them by providing a (working) relay one hosted by Apple.

Apple has promised not to track or profile user when they sign in with Apple, and says Sign in with Apple is a very secure option, as is requires users’ Apple ID to be protected with two-factor authentication. Sign in with Apple is now available through iOS 13.

Safari now warns users if they try to use a weak password when signing up for a new website account, and users’ Safari history and open tabs that have synced with iCloud are now end‑to‑end encrypted. Also, on iOS 13, Safari has cross-site tracking enabled by default.

Finally, by switching on the new Silence Unknown Callers option in their phone settings, iOS users can now avoid annoying robo-calls and scammy phone calls.

The feature is disabled by default but, if switched on, will direct all incoming calls from unknown numbers to voicemail. If the caller was legit and the call important, they will leave a voicemail or try to contact the user via some other means (SMS, email, etc.)

Enterprise security and privacy enhancements

iOS 13 will bring a new form of management called User Enrollment, built specifically for enrolling users’ own devices while maintaining their privacy.

“In a similar move to Google’s Android Enterprise work profile, Apple’s new User Enrollment functionality adds a specific managed and cryptographically segmented partition to devices using a separate, work-managed Apple ID. This allows admins to install and manage corporate apps and data, but does not let them see, alter or erase anything personal outside of the managed partition,” Wandera’s Alex Anstett explained.

“Basically, everything personal on a User-Enrolled device remains outside of the managed area and cannot be viewed or edited by admins, which is a fitting enrollment model for privacy-centric environments.”

Admins will also be able to create and manage Apple IDs used by employees and deliver custom (security-tied) content to users during Automated Device Enrollment.

Finally, Apple has released a new single sign-on extension for identity providers (e.g., Okta, OneLogin, IBM Cloud Identity, Azure Active Directory), to help streamline logins to enterprise applications and cloud services.

“The single sign-on extension is developed by the identity provider and bundled as part of their mobile app. The extension is then configured via an MDM profile that allows admins to specify details about their identity provider, like hostnames and other identifiers. Finally, enterprise-oriented apps, like Box and Salesforce, simply make a single API request to kick off the login via the new SSO extension, vastly reducing complexity and obscure integrations,” Anstett noted.

iPads get a new OS

As mentioned before, iOS 13 is shipped by default with the tree iPhone 11 variants. Users of iPhone 6S and newer models can also upgrade to it.

It’s also good to note that, from now on, iPads will start getting a new iOS variant with specific features – iPadOS. iPadOS 13 is scheduled to be released on September 24, 2019.