Privacy and security war will go on for years, says Craig Federighi

By Malcolm Owen

Maintaining security and privacy for Apple's users will be a "battle we will be fighting for years to come," according to SVP of software engineering Craig Federighi.

Privacy and security continue to be a major element of Apple's work in developing operating systems like iOS and macOS. In an interview, Apple's Craig Federighi went into detail about some of the changes, and App Tracking Transparency.

On the topic of security being a cat-and-mouse game, Federighi offered to Fast Company in an interview. "The incentives for innovation in the exploitation world are high, and so there is a lot of advancement in the art of tracking; a lot of advancement in the arts of security exploits."

Apple will still bring "a lot of tools to that fight, and we can largely stay ahead of it and protect our customers," but the executive believes it's a problem that will be around or years.

The development of Apple's new iCloud Private Relay feature, which expands on typical VPN features, is one that attempts to solve flaws that still exist with VPN usage. These include having to trust the VPN is legitimate and isn't performing any tracking or misusing data.

For iCloud Private Relay, a dual-hop architecture is used where Apple encrypts the URL of the website the user wants to visit, and anonymizes the IP address. The encrypted URL and the user's anonymized IP address are sent to an intermediary relay station operated by a trusted third-party partner, which then decrypts the URL and ferries data from the site back to the user.

"Core to the nature of the internet is that the IP address is traditionally exposed between the requester and the host - and that has some privacy knock on effects that aren't always understandable to users and certainly aren't always desirable to users," said Federighi.

He continued "VPNs are a technology that has sought to provide some of those protections, but they do involve putting a lot of trust in a single centralized entity: the VPN provider. And that's a lot of responsibility for that intermediary, and involves the user making a really difficult trust decision about exposing all of that information to a single entity."

Following the release of App tracking Transparency in iOS, reports claimed that the feature boasted an almost 95% opt-out rate. Federighi declined to confirm the statistic, but did say Apple wasn't hoping most users would opt out, nor to actively try to harm the advertising industry.

"The key for us is that users have a choice," he insists. "You know, whether if it was 50/50 or 95/5 or 5/95- that's all fine if it represents what the user actually wanted; that they had the opportunity to evaluate that decision and make whatever decision was right for them."

The interview shifted towards government regulation, and how they are reactionary rather than proactive about privacy. On whether Apple has a need to take the lead on privacy, Federighi said "I'd certainly like to believe that we're doing good and play a constructive role here, for sure, [but] I do think Apple has a set of different tools, naturally, than governments have."

These tools include "certain technology skills and a certain access to an end-to-end technology platform where we can innovate."

However, he also believes "there's absolutely a role where government can look at what companies like Apple are doing and say You know, that thing is such a universal good - such an important recognition of customer rights - and Apple has proven it's possible. So maybe it should be something that becomes a more of a requirement."

Follow all of WWDC 2021 with comprehensive AppleInsider coverage of the week-long event from June 7 through June 11, including details on iOS 15, iPadOS 15, watchOS 8, macOS Monterey and more.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get the latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.