Apple privacy features: What the company should add next – Fast Company

When Apple announced plans to detect images of child sexual abuse on iPhones, privacy experts called the technology dangerous, and one that could possibly be exploited by authoritarian governments. (Apple ultimately stopped talking about the feature without having released it.) And while the company took privacy into account with its AirTag trackers, critics still raised concerns about the tiny gadgets' potential to enable stalking, leading Apple to tweak their functionality after release.

Those controversies aside, when it comes to protecting your data and securing your online privacy, it's fair to say that no other tech giant goes further than Apple. Yet, that's not to say the company can't go even further. And with its annual Worldwide Developers Conference (WWDC) just a month away, many are hoping the company will double down on privacy and security in 2022. Here are 10 ways it can do that.

Ask any privacy expert, and you'll likely hear Apple's biggest privacy flaw is that iCloud backups are not end-to-end encrypted. Instead, they're merely encrypted.

The distinction is important.

When your data are end-to-end encrypted, only you can access them, because only you hold the decryption keys. When data are simply encrypted, both the user and the entity that possesses the data (Apple, in this case) hold the decryption keys and can access the data at any time.

Currently, iCloud backups are only encrypted, so anything they contain can be accessed by Apple. While iCloud backups include non-personally identifying information, such as device settings, in some instances they also include your photos and messages. And though there's no reason to think Apple is snooping around, from a technical standpoint, it could peek into your messages and photos, or turn the decrypted backups with that data over to governments when compelled to with a valid legal order.

The citizens of democratic nations, such as the U.S., have powerful legal protections against unwarranted searches, which means the government needs a very good reason (and a court order) to access someone's data. But less democratic nations usually don't offer such legal protections, which leaves their citizens with iCloud backups potentially vulnerable.

One argument Apple uses for not end-to-end encrypting iCloud backups is so the company can recover data when users forget their password. It's a valid point. However, an easy compromise between privacy, security, and convenience would be to allow users to choose if they want their iCloud backups end-to-end encrypted, and are willing to assume the risks that come with that.

If you're an iCloud user, some of your data are potentially stored in two different ways on Apple's servers: as part of your iPhone's iCloud backup, and separately in iCloud itself. The lack of end-to-end encryption of your data for the latter type of storage is even more egregious than for iCloud backups. This is because iCloud itself usually stores much more sensitive personal data than what's in your iCloud backup.

While some iCloud data are end-to-end encrypted, much of it is not. Data that lack end-to-end encryption include your calendars, contacts, files in iCloud Drive, notes, photos, reminders, Safari bookmarks, Siri Shortcuts, voice memos, Wallet passes, and iCloud emails.

That is a shocking amount of personal data that Apple could theoretically access, since it has the decryption keys, too. Again, the company's reasonable argument is that if this data were end-to-end encrypted, it couldn't help users restore it if they forgot their password. Still, a compromise solution would be to allow the user to choose to have the data end-to-end encrypted and assume the risks that come with it.

iCloud Drive is Apple's cloud storage solution, its answer to the likes of Dropbox. iCloud Drive allows you to store your data in Apple's cloud. But again, the data are merely encrypted. If Apple doesn't want to end-to-end encrypt all of iCloud Drive, it could still choose to offer users the best of both worlds.

iCloud Drive could contain a special partition, viewable as a folder, that is end-to-end encrypted by default. Any documents you drop there would automatically be end-to-end encrypted, too, while documents in other parts of your iCloud Drive would remain merely encrypted.

Many people have photos they would like to keep hidden from others. These may be intimate images meant for their partner, or photos of an odd bump they've found that they want to share with their doctor. The last thing anyone wants is for these images to be visible when scrolling through an iPhone's camera roll with a friend.

iOS currently has a built-in hidden folder option that removes the images placed into it from the camera roll. However, this hidden folder is laughably easy to access because it's not locked behind a password; it's simply a setting you can toggle off in the Settings app. That means that anyone who has access to your phone can easily access the hidden folder and see the images inside.

It's baffling why Apple has not implemented the ability to lock this hidden folder behind a password, Face ID, or Touch ID. The fix is simple.

Another longtime request from users is the ability to lock any app behind Face ID or Touch ID. Right now, developers can choose to add Face ID or Touch ID authentication to their apps, so you can't access them without first authenticating yourself.

However, Apple should move this authentication option for apps to the system level and simply let users choose to lock any app behind Face ID or Touch ID, with no need for developers to implement it. This would be especially useful for apps that contain personal communications, such as email apps, and ones that hold photos and financial information, like Apple's own Photos and Wallet apps.

In a similar vein, Apple should also implement the ability to lock files and folders on a Mac behind a password or Touch ID, which most Macs now support.

Private Relay is an awesome privacy feature introduced last year for iCloud Plus subscribers. It's a cross between Tor and a VPN, and it keeps websites viewed in Safari from knowing your IP and exact location.

Unfortunately, Private Relay only works when you use the Safari browser. Apple should expand Private Relay so it also blocks apps from knowing your IP and exact location. This would give users much greater privacy protections, as many people access sites (Facebook and Reddit, for example) through their dedicated apps instead of through a browser.

Though Private Relay works great on an iPhone, it simply fails to work for many Mac users. If you have a VPN installed, or even certain Safari extensions, they'll conflict with your ability to use Private Relay on a Mac, resulting in the frustrating error, "Some of your system settings prevent Private Relay from working: Your system has extensions or settings installed that are incompatible with Private Relay." You are then instructed to click here for further information, yet the help article provides no information on what exactly is causing Private Relay to fail on your Mac, so you are left with the inability to use it.

Mail Privacy Protection is another killer privacy feature Apple has introduced recently. It loads remote email content privately in the background, preventing the sender from knowing your IP address and your location. It's a terrific way to prevent tracking pixels from snooping on iCloud email users.

But as with iCloud Private Relay, while Mail Privacy Protection works great on the iPhone, the same can't be said for the Mac. It seems as if most VPN software will stop Mail Privacy Protection from working, even if the VPN client isn't active. In these instances, you'll get the annoying error, "Unable to load remote content privately," and be instructed to click a button to load the email content. Mac forums are rife with complaints about this drawback on the Mac. Mail Privacy Protection is a great feature; it's just a shame it doesn't work for many macOS users.

When you take a photo with your iPhone, it embeds location, time, and date metadata into the file. That's why you're able to view your photos chronologically and by location on a map (very cool features).

However, by default, this metadata will remain in the photo when you text or email it to someone (CNET has an explainer for how you can manually strip it). Apple should add a system setting that allows users to choose to have date and location metadata automatically stripped from photos as they get texted or emailed to someone. This would give you more privacy and security without having to remember to manually strip the metadata each time.

This feature would be a great way to protect your location privacy when sending photos to strangers (say, of an item in your garage that you are selling to a stranger on Craigslist). Metadata stripping is already common when posting photos to social media networks, and Apple should make it something you don't need to think about when sharing images via text and email.

Safari is one of the best browsers when it comes to privacy, but, bafflingly, it doesn't have an HTTPS-only mode.

HTTPS is a protocol that encrypts web traffic. If a site offers HTTPS, your data and actions on the site are encrypted from prying eyes. This is opposed to a site using the older HTTP protocol, which could allow prying eyes to see what you are doing. Most sites offer HTTPS nowadays; however, some still do not.

Browsers such as Firefox offer a setting called HTTPS-only, which will block any non-HTTPS websites from loading (you can then choose to load the HTTP version after being made aware of the lack of HTTPS). Bafflingly, Safari doesn't offer such a security setting. Instead, Safari will only force a website to load the HTTPS version if it's available. If it's not, Safari will load the HTTP version automatically.

If Safari wants to remain the privacy king of browsers, an HTTPS-only mode is a must.

In 2020, Apple introduced App Privacy Labels. They're viewable in an app's App Store listing and help you see what the app does with your data. However, if the data policies of an app change in the future, users who have already downloaded the app aren't always notified by the developer.

To ensure that users are always up-to-date on any app's Privacy Label changes after they've already downloaded the app, Apple should make the current Privacy Label for the app easily accessible from the Settings app in iOS. Users could even be notified when an installed app's Privacy Label changes. Think of this feature as an always up-to-date privacy scorecard for each installed app, readily available from a single location.

Apple is almost certain to dedicate some of its upcoming WWDC keynote to new privacy-preserving features. How many of my suggestions will make the cut? Some are more likely (enhanced iCloud Private Relay, photo metadata stripping) than others (iCloud end-to-end encryption). It's also likely that iOS, iPadOS, and macOS will add privacy features other than those above. We'll have to wait until the keynote on June 6 before we know for sure.
