Privacy at WWDC21
Apple kicked off its Worldwide Developers Conference (WWDC) with a two-hour keynote covering the new versions of all of Apple’s operating systems (OS).
There were a number of new features in each OS, but the flashiest are shared across all of them and help link them together: SharePlay, Universal Control, Live Text, Siri improvements, iCloud+, and more.
One of the key themes of the keynote was privacy. That in itself is an exciting development. This is a major event for Apple, and having privacy as a primary message is a signal to the rest of the industry that this is a critical issue.
In this post, we’re going to dive deeper into this area of the technology and messaging.
Apple has been very public in its stance on privacy. Currently in a fight with Facebook around the issue, Apple has been pushing the message that they value user privacy and want to provide the controls for you to manage your own data exposure.
This messaging focuses on four primary pillars:
- Data minimization
- On-device processing
- Transparency and control
- Security protections
Apple recapped these principles in a WWDC session this week. In short, the idea is to capture less data, let users know what is being captured, keep that data as local as possible, and use a strong, defense-in-depth security posture.
That’s a solid set of principles to guide all software and hardware design decisions for Apple and app developers.
Apple announced new features in the keynote and in subsequent sessions to advance these principles and some of them are already causing waves (like App Tracking Transparency did) even though the features are three or more months away from launching.
App Tracking Transparency
Speaking of which: App Tracking Transparency, already launched with iOS 14.5, was clarified again during the “Apple’s privacy pillars in focus” session. The relevant section starts at 19:44 and reinforces a critical aspect of this feature that everyone should know about.
While the technical enforcement behind the prompt only stops apps from accessing the IDFA (the advertising identifier), the prompt covers ALL tracking activities.
If a user asks an app not to track them, no tracking of any sort should take place.
App Privacy Report
The App Privacy Report will provide a similar experience to the current Safari Privacy Report. The goal is to expose the use of the permissions you’ve granted the app.
In the current versions of iOS and iPadOS there is no visibility into how often an app is using the permissions, simply that it has access to photos or the camera, etc.
Shining a light on permission use is a great move. However, the real advantage to this feature is the exposure of the network domains that the app is talking to and the websites that you’ve visited via the app.
This will help highlight any tracking attempts by the app as well as any potential data leakage.
Unfortunately it will not be available at launch for iOS 15 and will be off by default when it does launch. No idea why on either count.
Siri works ok-ish.
It’s not amazing, but it’s not as horrible as it once was. Which, given how far it has come, is actually high praise.
The reason? Siri tries to bridge the world of cloud processing while adhering to Apple’s privacy principles of on-device processing and data minimization.
Well, things are going to get a bit better in the fall.
All audio processing is being moved onto the device. This means that the recording of your voice won’t leave your device, which will increase your privacy and fix one of my biggest pet peeves with Siri.
Right now, if I ask Siri to set a timer (honestly, my #1 use of the assistant), that request is sent to the cloud backend, processed, and a machine-readable version of the request is sent back to my device. This takes time and only works when you’re connected to the internet.
With this update, Siri will leverage the neural engine in the Apple Silicon powering your device to process the audio locally. Essentially, what this means is that Apple has trained the speech recognition models to the point where they can be deployed widely on-device.
No information yet on whether this extends to the dictation features of the operating systems. 🤞 Fingers crossed that it does, because even if it doesn’t increase accuracy, it should at least improve response times.
iCloud Private Relay
iCloud Private Relay is a feature of Safari for iCloud+ subscribers, which means you’re going to have to pay to access it.
In general, I don’t like making users pay for improved security or privacy in products they are already paying for. But there are potentially significant back-end costs associated with this service, so let’s put that aside for now.
This feature is designed to help shield your online activity from ad tech companies and network providers (who often sell this data to data brokers working with the ad tech industry).
It’s an elegant solution as the user doesn’t really notice any difference in their day-to-day browsing. But behind the scenes, there’s a lot going on to protect you and your privacy.
Here are the technical aspects:
- All internet connections are encrypted
- IP addresses no longer identify you
- IP address location is protected
- No single company can see what you do
All traffic is funneled through at least two proxies so that no single party can link you to these network requests. The system is designed so that not even Apple can reconstruct your web activity. The services in use behind the scenes (reportedly Akamai and Cloudflare WARP) have a massive network of points of presence around the world.
Apple leverages this reach to assign a reasonably local egress IP, so a site can still return a rough, location-appropriate response. This helps with retail and other searches where the user wants local results.
There’s a lot more going on under the hood, but needless to say, this is an impressive design. This system again aligns with Apple’s privacy goals, where all of your data is on your device and the services that you use have as little data about you as possible.
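As an added illustration (not Apple’s code, and not a description of the real protocol’s cryptography), here is a small Python model of the two-hop property described above: each party records what it could log, and a check confirms that no single party holds both the client IP and the destination. All IPs, regions and egress pools are constructed values, and the encrypted inner layer is stood in for by a random token.

```python
"""Toy model of a two-hop relay: ingress learns the client IP, egress learns the
destination, the site sees a regionally local egress IP. Constructed data only."""
import secrets
from dataclasses import dataclass, field

# Constructed coarse geolocation by /24 prefix (stand-in for a real geo-IP lookup).
REGION_BY_PREFIX = {"203.0.113": "Toronto", "198.51.100": "Berlin"}
# Constructed egress IP pools per region (stand-in for a partner's points of presence).
EGRESS_POOL = {"Toronto": ["192.0.2.10", "192.0.2.11"], "Berlin": ["192.0.2.20"],
               "unknown": ["192.0.2.99"]}


@dataclass
class Party:
    """One observer on the path; `observed` records every field it could log."""
    name: str
    observed: dict = field(default_factory=dict)


def coarse_region(client_ip: str) -> str:
    return REGION_BY_PREFIX.get(client_ip.rsplit(".", 1)[0], "unknown")


def relay(client_ip: str, destination: str, ingress: Party, egress: Party, site: Party) -> str:
    """Route one request ingress -> egress -> site; return the egress IP the site saw."""
    region = coarse_region(client_ip)
    # The client encrypts the destination for the egress hop, so ingress only sees
    # an opaque blob (modelled as a random token), the client IP and a coarse region.
    conn_id = secrets.token_hex(4)
    ingress.observed.update(conn_id=conn_id, client_ip=client_ip, region=region,
                            inner=secrets.token_hex(8))
    # Ingress forwards under the connection id and region; the client IP is dropped.
    egress.observed.update(conn_id=conn_id, region=region, destination=destination)
    # Egress picks a source IP from the client's region so the site can still
    # answer with a roughly local result.
    egress_ip = secrets.choice(EGRESS_POOL.get(region, EGRESS_POOL["unknown"]))
    site.observed.update(source_ip=egress_ip, destination=destination)
    return egress_ip


def no_single_party_links_client_to_destination(parties: list) -> bool:
    """The property the design is meant to guarantee."""
    return not any({"client_ip", "destination"}.issubset(p.observed) for p in parties)


def colluding_view(ingress: Party, egress: Party):
    """If one operator ran both hops it could join logs on conn_id; this is why the
    property above only holds while the hops are run by separate companies."""
    if ingress.observed.get("conn_id") == egress.observed.get("conn_id"):
        return ingress.observed["client_ip"], egress.observed["destination"]
    return None
```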
If you’re wondering how this will impact lawful access…it’s the same approach that Apple has always taken.
Your device will still have a record of what you’ve done and physical access to that device will be sufficient for any legal action. You will hear arguments against this similar to what we see with end-to-end encryption but as a security and privacy professional, I think this is a reasonable balance.
Mail Privacy Protection & Hide My Email
As part of the new iCloud+ experience, when a user is prompted to enter an email address anywhere (in an app or a website), they will now have the option to use the “Hide My Email” service. This sets up a random email alias that will forward emails to the user’s actual address.
The app gets the random email alias and the user gets a cleaner inbox. No word yet on whether this only works with iCloud email (which will now support custom domains) or if you can use it with another email provider. It would be easy enough to set up a forward, though, if third-party email isn’t supported.
Staying with email, Apple is also introducing “Mail Privacy Protection.” This feature “opens” every email automatically via a proxy service that strips out IP address and HTTP header information.
This prevents most email open rate tracking and other metrics by providing no information or inaccurate information back to the sender.
This won’t affect your day-to-day emails, but it already has the marketing industry in a bit of an uproar. Mail Privacy Protection is this year’s App Tracking Transparency.
Casey Newton has a reasonable overview of the situation for The Verge in “Will Apple end the newsletter boom?”, and Nieman Lab has a post breaking down this announcement and more for a broad view of the impact on news publishers in “A packed set of Apple announcements could have big impacts on news publishers — for good and for ill.”
The key takeaway here is that this isn’t a perfect or complete solution.
Again, what Apple is doing is shining a light on a widespread, existing privacy problem. This should generate enough of a response from consumers that the industry will take action.
This is a tactic that obviously worked with App Tracking Transparency and should work again with these key privacy issues around email. Kudos to Apple for raising the bar.
More details in this WWDC session, “Apple’s privacy pillars in focus” at 10:42.
Apple is pushing their privacy message at every opportunity. While there is definitely a marketing aspect of this, there are real technology improvements driving that message that will help improve user privacy.
Are these technologies perfect? No.
Are there areas where Apple bends things to their advantage? Yes.
But that doesn’t change the impact these moves are having on the community.
The real key here is that Apple is driving the conversation around privacy.
This is a conversation that is long overdue. Our physical and digital worlds are intertwined, but the digital one is so complex that users have no awareness or broad understanding of activities—like ad tech and common marketing workflows—which are happening constantly.
Regardless of the edge cases around these issues, Apple is pushing towards a vision where users are aware of their data and what’s happening to it.
Making that vision a reality is a huge win for privacy and security…even if it is one small step at a time.