Security Architecture, Application security, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple discloses new protections against snoopy apps and websites at WWDC event

Apple's newest enhancements to its Safari browser will inhibit websites and apps -- including Facebook -- from using cookies and fingerprinting techniques to track users across the internet.

And the latest version of macOS will extend its own data privacy protections as well, said Craig Federrighi, Apple's senior vice president of Software Engineering, who detailed these innovations in a keynote presentation at the company's Worldwide Developers Conference in San Jose on Monday.

The new version of Safari will be available for both the upcoming releases of macOS 10.14, aka Mojave, and iOS 12. Clearly alluding to Facebook, which has been mired in data sharing and privacy scandals, Federrighi said that Safari will soon send notifications to users if they interact with an app or website feature that can track them across websites, or if that feature attempts to access user information without any interaction. The users can then decide if they wish to keep their data private.

During his demonstration, Federrighi displayed an example of such a pop-up notification, which read: "Do you want to allow 'facebook.com' to use cookies and website data while browsing 'blabbermouth.net'? This will allow 'facebook.com' to track your activity."

Safari will also hinder companies' ability to employ fingerprinting techniques that identify website visitors based on their devices' unique characteristics, including configurations, font installations, and plug-ins.

With the enhanced browser, "We're making it much harder for trackers to create a unique fingerprint," said Federrighi. "We're presenting webpages with only a simplified system configuration. We show them only built-in fonts, and legacy plug-ins areno longer supported so those can't contribute to a fingerprint. And as a result your Mac will look more like everyone else's Mac, and it will be dramatically more difficult for data companies to identify your device and track you."

Meanwhile, macOS Mojave, which is slated for release in the Fall of 2018, will expand Apple's API-level data protections, which ask the user permission before granting apps access to specific data or features such as user location, contacts, photos, calendar and reminders.

Soon these protections will also apply, by default, to the camera, microphone, mail database, message history, Safari database, Time Machine and iTunes device back-ups, locations and routines, and system cookies.

One privacy-preserving feature that was not referenced at the event is USB Restricted mode, which according to a June 4 report by Motherboard is rumored to be coming to iOS 12, after Apple included it in previous iOS beta releases.

USB Restricted Mode is apparently designed to thwart tools like Cellebrite and GrayKey, which law enforcement officials use to break into iPhones belonging to suspected criminals or terrorists. The protection works by forcing users to unlock their iPhones with a password whenever connecting to a USB accessory, provided the phone has stayed locked for at least one hour.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.