Apple on Tuesday updated its privacy policy with new information regarding features in iOS 9 and OS X El Capitan.
Using clear language, the company attempts to set itself apart from rivals by noting that it doesn’t build profiles about its customers to sell to advertisers.
For example, unlike Google Maps, which tracks a user’s journey end to end, Apple Maps separates data about users’ trips into segments that are not linked.
The Apple News app collects data on what users read, like the Google News app. Unlike its Google counterpart, however, it doesn’t tie reading habits to a user’s account, and it uses a unique identifier that functions only within the news app so the user’s identity is protected.
Stronger Security
Six-digit passcodes are the new default on Touch ID-enabled iPhones, raising the number of possible combinations to 1 million from the 10,000 combos offered by four-digit passcodes.
Two-step verification protection has been extended from customers’ Apple ID account information to all the data they store and update in iCloud.
Activation Lock, which is built into iOS’s Find My iPhone feature, can prevent an iOS device from being reactivated and used without its owner’s permission and works with the Apple Watch.
Data on Apple devices is encrypted, as are Siri’s predictive capabilities, which are stored on users’ devices, not in the cloud. The encryption keys are protected with the user’s passcode.
FaceTime calls and iMessages are protected with end-to-end encryption.
Apple also employs anonymizing cutouts. For example, if Siri pulls data from Apple’s servers to offer users suggestions, anonymized rotating identifiers are used so that locations and searches can’t be traced to the user.
Smoke and Mirrors
These features don’t impress Mukul Krishna, digital media senior global director at Frost & Sullivan.
Apple’s announcement is “a clever marketing ploy,” he told TechNewsWorld. “There’s no such thing in the tech world as 100 percent security.”
Digital goods can be stolen without being physically taken, and that has changed the definition of security, said Avni Rambhia, an industry principal at Frost.
“Now the question is, can someone read or copy or replicate digital goods within a certain framework of time with a certain set of tools without realizing it was done?” she told TechNewsWorld.
Nearly a quarter of a million iOS device users around the world found out the hard way how easily digital goods can be taken when KeyRaider malware stole their accounts in August.
The victims owned jailbroken iOS devices, and the malware was distributed through third-party Cydia repositories in China.
Users could do little to protect themselves from the KeyRaider hack, said Gavin Reid, vice president of threat intelligence at Lancope.
The fix “is better care from application developers to security, and better verification from Apple,” he told TechNewsWorld.
No Mobile Phone is Safe
In general, though, mobile devices just aren’t safe. Vulnerabilities in the Signaling System 7 protocol let third parties listen in on cell phone calls and intercept text messages despite encryption.
Surveillance systems that use SS7 to locate callers anywhere in the world are readily available for purchase on the Internet. One such system is SkyLock from Verint.
Other tracking systems also are available. For example, $27 monitoring software from Cell Safe lets users monitor calls, texts and emails, and view photos and contacts lists on a target’s cell phone.
A Virtue Out of Necessity?
Still, there’s no question that Apple needed to improve its security and privacy practices. Last year, hackers broke into the accounts of more than 100 celebrities and published their private photos online.
The hack was carried out through a brute-force attack, which would render even a six-digit passcode ineffective.
“Collectively we need to move beyond 20-year-old password technology,” John Gunn, vice president of communications at Vasco Data Security, told TechNewsWorld, “and embrace modern authentication techniques that are far more secure and actually easier for users than traditional passwords.”