Apple Flexes Its Privacy Muscles

Posted under: Research and Analysis

Apple events follow a very consistent pattern that rarely changes beyond the details of the content. This consistency becomes its own language. Attend enough events and you start to pick up the deliberate undertones that Apple wants to communicate, but not directly express. They are the facial and body expressions beneath the words of the slides, demos, and videos.

Five years ago I walked out of the WWDC keynote with a feeling that those undertones were screaming a momentous shift in Apple’s direction. That privacy was emerging as a foundational principle for the company. I wrote up my thoughts in this piece in Macworld laying out my interpretation of Apple’s privacy principles. Privacy rose in importance years before at Apple, but that WWDC keynote was the first time they very clearly articulated that privacy not only mattered, but was being built into their foundational technologies.

This year I sat in the WWDC keynote, reading the undertones, and realized that Apple was upping their privacy game to levels never before seen from a major technology company. That beyond improving privacy in their own products, the company is starting to use their market strength to pulse privacy throughout the tendrils that touch the Apple ecosystem.

Regardless of motivations, be it altruism, the personal principles of Apple executives, or a shrewd business strategy, Apple’s stance on privacy is historic and unique in the annals of consumer technology. The real question now isn’t if they can succeed at a technical level, but if Apple’s privacy push can withstand the upcoming onslaught from governments, regulators, the courts, and its competitors.

Apple states they believe that privacy is a human right. Yet history is strewn with the remains of well-intentioned champions of these rights.

How privacy at Apple changed at WWDC19

When discussing these shifts in strategy, be it at Apple or any other technology firm, it’s important to keep in mind that the changes typically start years earlier and are more gradual than we perceive them. In the case of Apple, the company’s privacy extension efforts started at least a couple of years before WWDC14, when Apple first started requiring privacy protections to participate in HomeKit and HealthKit.

The most obvious push out of WWDC19 is Sign in with Apple, which offers benefits to both consumers and developers. In additional sessions at WWDC it was clear that Apple is using a carrot and stick approach to the service when it comes to developers: developers are required to offer the service when they include competing offerings from Google and Facebook, but in exchange they also gain built-in fraud prevention. Every Apple ID is already vetted by Apple and secured with two-factor authentication, and Apple provides developers with the digital equivalent of a thumbs up or down indicating whether it thinks the connection is from a real human being. Considering Apple uses similar mechanisms for iCloud activity, iTunes, and App Store purchases, the odds are this is an effective indicator.

Apple also emphasized that they extend this privacy to the developers themselves: it isn’t Apple’s business to know how developers engage with their users in their apps. Apple serves as an authentication provider and collects no telemetry on user activity. This isn’t to say that Google and Facebook abuse their authentication services; Google denies this accusation and also offers features to detect suspicious activity. Facebook, on the other hand, famously abused phone numbers supplied for two-factor authentication.

The difference between Sign in with Apple and previous privacy requirements within the iOS and Mac ecosystems is that the feature extends the privacy beyond Apple’s walled garden. Previous requirements, from HomeKit to data usage by apps in the App Store, really only applied to Apps on Apple devices. While this is technically true for Sign in with Apple, practically speaking the implications extend MUCH further.

When developers add Apple as an authentication provider on iOS they also need to add it on other platforms if they expect those customers to ever use anything other than an Apple device. Either that or support a horrible user experience (which, I hate to say, we will likely see a lot of). Once you create your account with that Apple ID there are technical complexities in supporting that same user account with alternative login credentials. Thus those providers will likely support Sign in with Apple across their different platforms, extending the inherent privacy beyond the garden.

Beyond Sign-in

Privacy permeated WWDC19 in both words and features, but two stand out as additional examples of Apple extending their privacy reach: an important update to intelligent tracking prevention for advertisers, and HomeKit Secure Video. Privacy preserving ad click attribution pushes privacy into the ugly advertising tracking market, and HomeKit Secure Video offers a new privacy-respecting foundation for any video security firms that want to be feature competitive yet don’t want the mess of building their own back-end cloud services.

Intelligent tracking prevention is a feature of Safari that reduces the ability of services to track users across different websites. The idea is that you can, and should be able to, enable cookies for a trusted site without additional trackers then monitoring you through the rest of your browsing on other sites. Cross-site tracking is epidemic, with many sites embedding sometimes dozens of trackers. This is largely to support advertising and one key marketing metric: did an ad lead you to visit the target site and buy something?

Effective tracking prevention is an existential risk to online advertisements and the sites that rely on them for income, but this is almost completely the fault of these overly intrusive companies. While intelligent tracking prevention (combined with other browser privacy and security features) is the stick, privacy preserving ad click attribution is the carrot. This allows advertisers to track conversion rates without invading privacy. With this upcoming feature of Safari (also proposed as a web standard), the browser will remember ad clicks for seven days. If a purchase is made within that time period it is marked as a potential ad conversion (sale). This is then reported as a delayed ephemeral post to the search or advertising provider using a limited set of IDs that can’t be tracked to the actual user, and after a semi-random time delay to further limit user identification.
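To make the mechanism concrete, here is a small browser-side model of the attribution flow just described. This is an added illustration written for this post, not WebKit’s or Apple’s implementation: the seven-day click retention comes from the text above, while the field names, the size of the ID ranges (64 campaign values, 16 conversion values) and the one-to-two-day reporting delay are assumptions chosen to show the idea. The point it demonstrates is what the browser stores versus what it eventually reports: the report carries only the source site, the destination site and two small integers, and it is held back by a random delay rather than sent at purchase time.

```javascript
// Added illustration of privacy-preserving ad click attribution as the post describes it.
// This is NOT WebKit's implementation: field names, ID ranges and the delay window are assumptions.

const CLICK_RETENTION_MS = 7 * 24 * 60 * 60 * 1000; // clicks are remembered for seven days
const MAX_CAMPAIGN_ID = 63;    // assumption: tiny ID space, so a campaign ID cannot double as a per-user tag
const MAX_CONVERSION_ID = 15;  // assumption: likewise for the conversion value
const MIN_DELAY_MS = 24 * 60 * 60 * 1000; // assumption: a report is held at least one day ...
const MAX_DELAY_MS = 48 * 60 * 60 * 1000; // ... and at most two, with the exact delay chosen at random

function checkRange(value, max, label) {
  if (!Number.isInteger(value) || value < 0 || value > max) {
    throw new RangeError(`${label} must be an integer in 0..${max}`);
  }
}

class AttributionStore {
  // `now` and `random` are injectable so the behaviour can be exercised deterministically.
  constructor({ now = () => Date.now(), random = Math.random } = {}) {
    this.now = now;
    this.random = random;
    this.clicks = new Map(); // key "source|destination" -> { campaignId, clickedAt }
    this.pending = [];       // reports waiting for their delay to elapse
  }

  // The browser records that an ad on `sourceSite` was clicked through to `destinationSite`.
  // Only the bounded campaign ID is kept; no cookie, account or device identifier is stored.
  recordClick(sourceSite, destinationSite, campaignId) {
    checkRange(campaignId, MAX_CAMPAIGN_ID, 'campaignId');
    this.clicks.set(`${sourceSite}|${destinationSite}`, { campaignId, clickedAt: this.now() });
  }

  // The destination site signals a conversion. Returns true if a stored click inside the
  // retention window was attributed; the report is queued with a delay, never sent immediately.
  recordConversion(destinationSite, conversionId) {
    checkRange(conversionId, MAX_CONVERSION_ID, 'conversionId');
    const now = this.now();
    let attributed = false;
    for (const [key, click] of this.clicks) {
      const [sourceSite, dest] = key.split('|');
      if (dest !== destinationSite) continue;
      if (now - click.clickedAt > CLICK_RETENTION_MS) { // expired: forget it without reporting
        this.clicks.delete(key);
        continue;
      }
      const delay = MIN_DELAY_MS + Math.floor(this.random() * (MAX_DELAY_MS - MIN_DELAY_MS));
      this.pending.push({
        sendAt: now + delay,
        // The entire payload: nothing in it identifies the user, and the random delay keeps
        // the report's arrival time from being matched against the purchase time.
        report: { sourceSite, destinationSite, campaignId: click.campaignId, conversionId },
      });
      this.clicks.delete(key); // one report per click
      attributed = true;
    }
    return attributed;
  }

  // Returns the reports whose delay has elapsed and drops them from the queue;
  // a real browser would make one ephemeral POST to the source site for each.
  dueReports() {
    const now = this.now();
    const due = this.pending.filter((p) => p.sendAt <= now).map((p) => p.report);
    this.pending = this.pending.filter((p) => p.sendAt > now);
    return due;
  }
}

// Constructed walk-through on a fake clock: click, buy three days later, report two days after that.
function demo() {
  let clock = 0;
  const store = new AttributionStore({ now: () => clock, random: () => 0.5 });
  store.recordClick('search.example', 'shop.example', 12);
  clock += 3 * 24 * 60 * 60 * 1000;              // purchase inside the seven-day window
  const attributed = store.recordConversion('shop.example', 3);
  const sentImmediately = store.dueReports().length; // nothing leaves the browser right away
  clock += 2 * 24 * 60 * 60 * 1000;              // the 36-hour delay (random = 0.5) has now passed
  const reports = store.dueReports();
  return { attributed, sentImmediately, reports };
}
```

Running `demo()` returns one report of the form `{ sourceSite, destinationSite, campaignId, conversionId }` and nothing else; a click older than seven days is silently discarded at conversion time, so the advertiser learns that some campaign converted on some site, but not who converted or exactly when.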

By providing a privacy-preserving advertising technology installed by default on one of the most important and popular web browsers on the planet, then opening it as an open standard, all while making herculean efforts to block invasive forms of tracking, Apple is again leveraging their market position to improve privacy beyond their walls. What’s most interesting is that unlike Sign in with Apple, this improves privacy without completely targeting the business model of their advertising-driven competitors like Google. Google can use this same technology and still track ad conversions, and Apple still supports user-manageable ad identifiers for targeted advertisements. Although a cynic might wonder if more-accurate conversion metrics could hurt advertisers that inflate those numbers.

HomeKit security cameras also get a privacy-preserving update with Catalina and iOS 13. I’m a heavy user of cameras myself, even though they are only marginally useful at preventing crime. Nearly all these systems record to the cloud (including my Arlo cameras). This is a feature you generally want, as shown in innumerable crime shows where they steal the tapes. The providers also use cloud processing to identify people vs. animals vs. vehicles and offer other useful features. Like many customers I’m not thrilled the providers also have access to my videos, which is one reason none of them run inside my home when anyone is home.

HomeKit Secure Video will end-to-end encrypt video from supported cameras and store the video in iCloud, for free, for 10 days without impacting iCloud storage limits. If you have an Apple TV or iPad on your network it will use that for machine learning analysis and image recognition instead of performing any analysis in the cloud. This is an interesting area for Apple to step into because it certainly doesn’t seem like the sort of thing that will drive profits, since Apple doesn’t sell their own cameras and security camera support isn’t exactly a motivator when picking your phone or tablet. It’s almost like some Apple executive and engineers were personally creeped out by the lack of privacy protection for existing camera systems and said, “let’s fix this”.

The key to HomeKit Secure Video is that it opens the security video market to a wider range of competitors while protecting consumer privacy. This is a platform, not a product, and it eliminates the need for manufacturers to build their own back-end cloud service and machine learning capabilities. Less friction to market with better customer privacy.

Apple created a culture of privacy, but will it survive?

These are only a few highlights that demonstrate Apple’s extension of privacy beyond their direct ecosystem, but WWDC was filled with quite a bit more. Apple continues to expand existing privacy features across all their platforms, including the new offline Find My device tracking tool. They now block access to WiFi and Bluetooth data on iOS unless it’s needed as a core feature for the app since they noticed it was being abused for location tracking. Users can also now track the trackers and see when even approved apps accessed their location. The upcoming Apple credit card is the closest thing we can get to a privacy respecting payment option. Developers will soon be able to mandate that speech recognition in their apps runs on-device, never being exposed to the cloud. Privacy enhancements permeate Apple’s upcoming updates, and that’s before we hear anything about new hardware. Apple even dedicated an entire WWDC session not only to their own updates, but examples of how developers can adopt Apple’s thinking to improve privacy within their own apps.

During John Gruber’s The Talk Show Live, Craig Federighi stated that Apple’s focus on privacy started back in their earliest days, when the company was founded on creating “personal” computers. Maybe it did, maybe it didn’t, but Apple certainly didn’t build a real culture of privacy (or any technical protections) until the start of the iPhone era. When Microsoft launched their highly successful Trustworthy Computing Initiative in 2002 and reversed the poor security record of the company, one of the founding principles was “Secure by Design”. During Apple’s developer-focused Platform State of the Union session, privacy took center stage as Apple talked about “Privacy by Design”.

Apple and other tech firms have already run into resistance when building secure and private devices and services. Countries, including Australia, are passing laws to break end-to-end encryption and require device backdoors. U.S. law enforcement officials have been laying the groundwork for years to push for laws to allow their access, even knowing it would then be impossible to guarantee device security. China requires Apple and other non-Chinese cloud providers to hand over their data centers to Chinese companies who can then feed information to the government. Apple’s competitors aren’t sitting by idly, with Google’s Sundar Pichai muddying the waters in a New York Times opinion piece that equates Google security with privacy, and positioning Apple’s version of privacy as a luxury good. While Google’s security is industry-leading, equating that with the kind of privacy offered by Apple is disingenuous at best.

The global forces arrayed against personal privacy are legion. From advertising companies and marketing firms, to governments, to telecommunication providers that monitor all our internet traffic and locations, to the financial services industry, and even to grocery stores offering minor discounts if you just let them correlate all your buying to your phone number. While we have some control over some of this tracking, practically speaking we have little control over most of it, and even less insight into how it is used. It’s a safe bet that many of these organizations will push back hard against Apple, and by extension any of us that care about and want to control our own privacy.

Calling privacy a fundamental human right is as strong a position as any company or individual can take. It was one thing for Apple to build privacy into its own ecosystem, but as they extend this privacy outside their walls it is up to us to decide for ourselves if we consider these protections meaningful and worthy of support. I know where I stand, but I also recognize that privacy is highly personal and I shouldn’t assume a majority of the world feels the same, or that Apple’s efforts will survive the challenges of the next decades.

It’s in our hands now.

– Rich

*** This is a Security Bloggers Network syndicated blog from Securosis Blog authored by [email protected] (Securosis). Read the original post at:
