Inside Apple's move to ramp up security & privacy in iOS 12 & macOS Mojave
Apple used the Platforms State of the Union presentation to detail the privacy and security enhancements it will be including in macOS 10.14 and iOS 12, protecting even more types of user data and making it safer for users to download macOS apps away from the Mac App Store.
In iOS 12, users can be provided with strong passwords that are unique and complex, with the created password populating the password field automatically. The passwords will be offered in sign-up forms within apps, as well as through web forms in Safari, with the passwords synchronized across devices using the iCloud Keychain.
It will also be easier for users to retrieve their saved passwords, with a Siri request taking them to their password list. Users will also be warned if any of their self-created passwords have been reused on other existing accounts, minimizing the potential for an attacker leveraging credentials acquired from one service to access another.
Two-factor authentication will be more convenient, with iOS automatically copying the security code included in text messages to the required field in the app's log-in page. A new Password AutoFill extension will allow third-party password managers to supply passwords that can be quickly added with a tap.
Some elements will also be included in macOS Mojave, including Safari's automatic password creation, iCloud Keychain synchronization, and reused password flagging.
During the keynote, it was revealed users would need to provide permission to macOS apps in order to use an onboard camera and microphone, and to access data such as a user's Mail history and their Messages database. During the State of the Union, it was advised Apple is extending the need for permissions to cover Safari data, Time Machine and iTunes device backups, locations and routines, and system cookies.
Users will be able to make changes to permissions in the Security & Privacy section of their Mac's System Preferences.
For apps that are distributed outside the Mac App Store, Apple is introducing the option for developers to "Notarize" their apps. An extension to Apple's existing Developer ID program for verifying the creators of apps, developers can submit their apps to Apple for review, with notarized apps confirmed by the company to be free of malware and other hazards.
As well as providing an extra level of protection to users, notarizing apps will also make it easier to revoke specific compromised versions of apps compared to the existing signing certificate system, which can revoke all apps using the same certificate.
Apple advises that the notarization is not an app review process, but one that checks just for security issues. Developers are also warned that future versions of macOS will require Developer ID apps to be notarized before they can be installed.
For personal data protection online, Safari has an enhanced Intelligent Tracking Prevention feature that aims to reduce the number of data points advertisers can acquire. These make up a digital fingerprint, which can be used to track a user's movements online.
Safari's new protections include stopping social media buttons to "like" and "share" content from providing identifying information. Safari will also present advertisers with a set of simplified system information, one that makes the user's Mac look indistinguishable from other Safari users, increasing the difficulty of tracking users by making that data point practically unusable.
Apple has also confirmed macOS Mojave will be the last version of the operating system to support 32-bit apps "without compromises." Developers will need to migrate to 64-bit if they haven't already, if they wish for their apps to be usable with future macOS releases.