During Apple’s two-and-a-half hour WWDC keynote, we were treated to lots of great moments. Craig Federighi’s quip about how bloated iTunes has become. The introduction of iPadOS. And of course, the new Mac Pro.
But the theme of the show was a familiar one: privacy. For the past several years, Apple has hammered home its belief in our devices and data staying in our hands, but at WWDC, Apple put its privacy where its mouth is. Rather than rehashing themes or trotting out the usual rhetoric, Apple gave privacy a central role in every new product it announced, drawing attention to both how our devices protect our data and what could be a target.
Anyone can talk a good privacy game, but Apple is one of the few companies that is actually taking action. While Apple didn’t specifically mention Google or Facebook when talking about any of the new privacy features, the line in the sand between them and Apple became even deeper with features like one-time location sharing and background tracking alerts.
Apple’s privacy push extends to watchOS, too. One of the main features is an app called Noise, which routinely monitors background sound and alerts you when a sustained sound might be damaging to your hearing. It’s the kind of surprise-and-delight feature only Apple would think of putting in a smartwatch—let alone attempt to implement in an existing consumer product at a massive scale—but Apple also considered something most people wouldn’t think of: All of Noise’s audio processing are done in real time, and Apple doesn’t record or save any of the sounds it hears.
For any other company, that’s not a day one feature. It’s something that’s added following an apology when someone uncovers a secret trove of audio recordings on a server. Or even worse, after said recordings are stolen as part of a hack. The Noise app announcement could have came and went without a promise of privacy and no one would have questioned it. No one would have even thought of it.
Apple thought of a bunch of other things too. Click on any of the WWDC software announcements and you’ll find a section devoted to privacy. Apple is committed to making privacy and tracking simple, automatic, and easy to understand and limit, a stark difference to the way things work on all those other phones. And now Apple isn’t limiting privacy to iPhone users anymore.
Single, simple, and secure sign-ins
One of the low-key killer WWDC announcements is Sign In with Apple. Similar to the programs already offered by Google, Facebook, Twitter and others, the Sign In with Apple button will let you use your Apple ID to log into apps and websites without needing to set up a new account or create a new password.
But convenience is only part of what makes Sign In with Apple such an excellent feature. Apple has baked privacy and security so deep into Sign In with Apple that it won’t work unless your account is protected with two-factor authentication. It uses Face ID or Touch ID on the iPhone and iPad. The coolest feature of all: you can opt to use a fake email address that forwards to your real one so the service you’re signing into won’t have access to your contact info.
And of course, neither does Apple. To make sure developers adopt it, Apple is requiring it for all iOS apps that offer a sign-in option. Apple’s received a bit of criticism for making it mandatory, but I’m all for it. Yes, Apple customers are more likely to click the Sign In with Apple button, but that also means they’ll have a protected account. According to Aaron Parecki of Okta, who made a test app to try it out, Sign In with Apple prompts for a 2FA code every time you log into an app, which could get tedious for apps and devices that don’t use biometric authentication, but it’s a necessary step for insuring security.
Parecki also writes, “The only piece of useful data in the claims really is the sub value. This is the unique identifier for the user. It’s notable that this value doesn’t mean anything in particular, which is Apple’s way of preserving user privacy.” That means developers can track how often a certain user is signing into their service, but they won’t know who that user is.
Simply put, that’s a massive step forward for privacy. Developers may gripe that it’s a requirement it—and the rumor that Apple is forcing developers to put Sign in with Apple at the top of the list might go a little too far—but there’s no downside for users here. They can log into their favorite accounts and be protected from both prying eyes and unscrupulous developers. Truth be told, we don’t know what Google, Facebook, and developers are doing with the emails and info they get when you use an “easy” button to log in. With Sign In with Apple, we do know: nothing.
Apple privacy everywhere
Apple has long hammered home the belief that the iPhone is the most secure smartphone on the planet, but for the first time, it’s extending that beyond Siri and iCloud encryption. With Sign In with Apple, the privacy that you get with Apple apps to the other services we use.
You don’t even need an Apple device to take advantage of it. Apple will be allowing Sign In with Apple buttons for web log-ins as well, so people on Android and Windows could be using it as well, enjoying iPhone-caliber privacy without an Apple device. And I’m willing to bet Apple is working on taking it even further. I could see iOS 14 bringing an Apple Authenticator app for generating unique codes across platforms and apps. Or maybe just turning the Apple Watch into a Bluetooth security key.
Apple often says that privacy is a right and not a privilege. With iOS 13 and Sign In with Apple, it’s proving that you don’t need to buy a thousand-dollar device to get it.