Data privacy in iOS 13 and macOS Catalina

Visitors to Apple’s website in the last few days would be forgiven if they thought that Apple had a bee in its bonnet about privacy. The company is promoting the latest iterations of macOS (née OS X, née Mac OS X) and iOS as the platforms that assure privacy.

That’s a reflection of concerns that businesses and users are experiencing, after several incidents at the hands of large, data-based companies like Facebook and Google.

Here’s an excerpt from the main byline for iOS 13, announced at the recent Apple Event, for example:

“[…] Explore fun and functional updates […] as well as new features to help you manage your privacy and security.”

Users will be notified if, for example, apps continue to track location in the background, giving a choice to revoke that privilege if required. Enterprise users can take advantage of data separation, which claims to maintain users’ privacy by keeping personal and business use data and apps in discrete areas of the OS.

Does Apple keep data safe?

BYOD devices can be “enrolled” by centralized management facilities, and employees can use Apple IDs created by their employers to access remote services and data, like company iCloud Drive volumes. So far, so promising.

This aged really badly after this week's reveal of a $1000 USD monitor stand. pic.twitter.com/z1F1jhR2vq

— You Had One Job (@_youhadonejob1) June 5, 2019

Of course, there’s a great deal that involves people and organizations buying more Apple hardware: the company’s two-factor authentication has meant for a long time that Apple hardware users needing to authenticate need a second expensive device to prove their identity.

Moreover, Cupertino’s new “Sign In with Apple” (like the “Sign in With Facebook / Google / Twitter” that are ubiquitous on many services’ landing pages) will need Apple hardware to provide authentication to prove the signer’s credentials. If you’re browsing the web, or using an Android device and want to use the facility, you’ll need to have your face or fingerprint scanned by iPhone, iPad, or MacBook.

But nevertheless, Apple seems to be focusing on privacy and security like it’s never really done before. The preview description of iOS 13 contains no fewer than 17 references to “secure”, “security”, “privacy” and “private” on a single page – albeit a long one. Despite some deliberately targeted blog posts from Mark Zuckerberg in the last few months, Facebook has, in particular, taken a significant hit on its reputation; not, however, on its number of users.

Data privacy, anonymity, and security

It takes full immersion in the world of technology to even begin to get to grips with the complexities of anonymity, identity, privacy, security and the ways data is used in today’s internet. In the minds of many users, privacy and data protection come down to two issues: will “the internet” steal my credit card details, and will Google / Facebook / Twitter / Instagram/ LinkedIn / Telegram / WhatsApp [delete as appropriate] use my data to sell me stuff?

The former question is mostly irrelevant with regards the big social media and online platforms: it’s the smaller online stores and other less well-known services that are suspected as being conduits to having one’s bank account emptied. To the latter question, the common response is a combination of “they do already,” or “so what if they do?”

However, as the Cambridge Analytica scandal showed, the big internet companies sell data on to other parties, with (it seems) the single criterion of “do they have money?” That incident and many similar occurrences also showed that some companies don’t so much buy lumps of demarcated data, but rather are granted access to the data vaults of the company in question with little meaningful oversight as to what’s being scraped.

Will Apple sell data?

Apple is stating up front that its users’ data is not shared or sold – or won’t be, come the new iterations of its OSes. However, with iPhone sales waning, and new services due to come online like Apple TV+, some industry commentators are guessing that Apple’s business model is to become more service- (aka data-) oriented.

The problem with that is Apple will, if suppositions come good, be pushing services like Apple Business Chat. If it’s competing with services like WhatsApp Businesses, offering less sensitive data to paying organizations than its competitors will be a huge turn-off for prospective new clients, and put pressure on Apple to relax its morals.

Apple may well be trying to spearhead a better corporate stance towards security and privacy, but in the world of commercial realities, “nice guys finish last.”

Its cleaner-than-clean image on that particular score may start out pristine, but wait and see how long before the tarnish sets in. Keep a careful eye on any changes to Apple’s Terms & Conditions over the next 18 months. The devil’s in the small print; and who reads that?