iOS 14 security innovations - in the eyes of a security specialist.

October 2020

iOS 14 security innovations - in the eyes of a security specialist.


This iOS is quite unusual - not only because of the fact that it is independent, the previous versions have been releasing together with the new iPhones, but also because of the speed of development. No one expected the system to be showcased this early. In this article, we will tell you about the security features of a new version of iOS.

Approximate geo-position
One of the most interesting features - now apps that want to know your position all the time will be slightly limited. In iOS14 users will be able to allow apps to receive only the approximate position, to be more precise - the app will get the info that you’re somewhere in the circle with a radius of 3 kilometers.

Why is it so important? A lot of independent developers just love profiling users to sell this data. This profile may contain data about your position too if the user agreed with that during the installation. And this kind of access is often given to apps like Microsoft’s OneDrive and we’re not even talking about forecast apps and apps for buying tickets. All these factors create quite a funny situation - previous versions of iOS limit the frequency of access to the geo-position sensors, but when there are a lot of apps on your phone and some of them use the same “spying” SDK’s - it allows to imagine user’s history of movements quite accurate.

Apple’s marketing materials say that for local news and forecast services this level of accuracy is enough. But in my opinion, this data could be roughened even more without any issues.

Limited media access
In this new version of iOS, users will be able to limit the application’s level of access to media on the phone. If on the older versions of the system there was a choice looked like “all or nothing”, the new system allows user to give access not only to all photos and videos but to an individual too. Accessing individual photos is useful if all you want to do is send a specific photo to chat, create an avatar, or edit a photo in a new free editor with the rudiments of artificial intelligence.

IOS 14 (3).jpg    IOS 14 (2).jpg


Fixed issue with clipboard privacy
Earlier this year security researchers Talal Haj Bakry and Tommy Musk have found the confidentiality issue with the iOS clipboard. The problem is - there are 53 apps found that continually monitor your contents of the clipboard for no reason. The most interesting part - is that in the radius of three meters devices of an Apple ecosystem have shared universal clipboard and this potentially creates a possibility to steal your personal data like one-time security passwords, link addresses, and many other things which are not supposed for owners of Tik Tok, LinkedIn and so on.
Apple did not recognize the problem: from the point of view of the iOS ideology, the shared clipboard should be available for all applications on the system without any additional permissions. IOS 14, however, has made changes recommended by security experts. The system now displays a small banner notifying when the application reads the contents of the clipboard.

IOS 14 (4).jpg


Microphone and camera indicators
One of the next security features - little orange and green dots which show the activity of the microphone and the camera respectively.

IOS 14 (1).jpg


This suits the current trend very well since the new MacBooks with the T2 chip are disabling the microphone on a hardware level when the lid is closed. Unlike pop-up clipboard access banners, colored dots won’t annoy users. The ideal solution would be a colored LED indicator, which, unfortunately, Apple does not like so much.

Local autocomplete contacts

When filling in the standard fields in applications (name, address, and email), iOS 14 users will not need to “share” a contact. Now you just need to enter the name of the contact from the address book, and the system will automatically fill in the rest of the fields. Autocomplete works locally on the device itself.

Local voice recognition

Recognition of voice input when dictating using a standard keyboard now occurs locally, on the device itself. By the way, in iOS 13 offline dictation mode was supported for all devices (but only for English), and the new “on-device recognition” mode, which supports multiple languages, requires an iPhone Xs or newer device.

Safari privacy report

Now Safari will let you know how the websites are tracking user’s behavior. You can view information both for an individual website and for each specific tracker trying to compile your profile by tracking open pages. This kind of analysis was previously available exclusively in third-party ad blockers, and even then not on every platform.

Conclusion

As always, a notable part of the user protection mechanisms added to iOS is Apple’s reaction to the emerging circumstances or its own implementation of competitors’ analogs. However, there is still something new and interesting in iOS 14 in terms of privacy. It is a pity that the most significant innovations limiting the ability of applications to follow the user through advertising SDKs were not included in the official release: we will not see any progress in this direction, if at all, until next year.


Back to the list

Your message has been received!