PrivacyAid

Blog

iOS 14 - Apple’s powerful privacy update

iOS 14 – Apple’s powerful privacy update

Apple’s latest iOS release provides users with new controls that restrict tracking and enhance privacy

Apple iSO 14 new data privacy update on iPhone
Image credit: Apple Inc

Apple’s iOS 14, which was released in September, provides new privacy controls that restrict how different parts of your device are used to track you.

Apple had plans to implement even stricter Identifier for Advertisers (IDFA) controls, but these have now been delayed until early next year after complaints from Facebook.

IDFA is Apple’s technology to assign a unique code to a user’s device, which allows advertisers to track, evaluate, and measure campaigns.

The planned future update will see the default opt-out approach switch to an opt-in approach, like the checks that we are used to ticking for marketing under the GDPR. All apps on Apple devices will have to prompt users with a request, asking for explicit permission to track user activity across the app for advertising purposes. The update is expected in early 2021.

A Quick Overview of the Privacy Features That Are Available Now:

iOS 14 added several new privacy features that give more information about how apps are using your device and give you, the user, more control.

You can now access a detailed report in Safari that shows exactly which apps and websites are tracking you, which information they are tracking, and how many have been blocked through iOS 14. To see the report on your mobile device:

Open Safari on your iPhone or iPad, tap the Aa icon on the left of the address bar, and select Privacy Report. You will see a nice pop-up window containing the Privacy Report and its details.

Note that cross-site tracking prevention needs to be enabled in Settings for Privacy Report to work, but it is turned on by default, so it is unlikely you will need to make any tweaks to your settings.

Apple has synced passwords and login credentials for various accounts across your devices for some time now and you can see what is stored by choosing Passwords from Settings.

Now, in iOS 14 as well as macOS there is a password monitoring system.  If your credentials are involved in a data breach and you are at risk of being compromised, you will receive an alert. You can also see Security Recommendations, which will inform you of any passwords that iOS thinks are insecure (either because of a data breach, too weak or overused). This feature is accessed from the top of the Passwords screen.

To further protect your privacy, your Apple device can use a different MAC address with each Wi-Fi network.

To communicate with a Wi-Fi network, a device must identify itself to the network using a unique network address called a media access control (MAC) address. If the device always uses the same Wi-Fi MAC address across all networks, network providers and other network observers can more easily relate that address to the device’s network activity and location over time. This allows a kind of user tracking or profiling, and it applies to all devices on all Wi-Fi networks.

To reduce this privacy risk, iOS 14, iPadOS 14 and watchOS 7 use a different MAC address for each Wi-Fi network. This unique, static MAC address is your device’s private Wi-Fi address for that network only.

There is now the ability to set an ‘approximate location’ versus a specific location when using apps.

To allow an app to use your specific location, leave Precise Location turned on. To share only your approximate location—which may be sufficient for an app that does not need your exact location—turn Precise Location off.

Screenshot of how to find location services in the apple iPhone iOS 14 settings

From December 8th, Apple will require app developers to detail their privacy information on the App store. Apple refers to these as “privacy nutrition labels,” and the aim is to be more transparent about data that apps collect (and how they use it) without needing a lengthy privacy notice. To learn more about the privacy labels, head to Apple’s developer support page.

Written & Published By: Claire Robinson DPO, CIPP/E, CIPM, ISO 27001 certified Consultant.

Wednesday 11th November 2020