When iOS 13 launches this fall, our iPhones and iPads are going to get a huge upgrade. It’s packed with features and performance enhancements. And while things like Dark Mode and Siri enhancements are going to grab our attention, maybe the best features of iOS 13 are all the things Apple is doing to help protect our privacy.
Apple’s moved beyond just some sternly-worded updates to App Store policies. With iOS 13, privacy gets right up in your face. You’re going to be better-protected from apps and sites that try to suck up unneeded personal info or track you all over the web and the real world, and you’re going to get constant reminders about bad actors.
Here are the most important new ways iOS 13 protects your privacy.
Sign in with Apple
Google and Facebook have popular single sign-on (SSO) features: those buttons you use to sign into apps with Google or Facebook so you don’t have to fill out a bunch of new info for every new app you try. But they can share lots of data about you with the app you sign in with, and the app may share data with Google or Facebook.
Apple’s cooking up its own SSO solution called Sign in with Apple. On all of Apple’s platforms and on the web, you’ll be able to sign in using your Apple ID (with Touch ID or FaceID on supported devices) and all the app will get is your first and last name.
If the app wants an email address, you can either provide the email associated with your Apple ID or have Apple generate a new, random, intermediate email forwarding address associated only with that app. Want to break ties? You can delete that forwarding address without impacting other services.
Apple’s updating its App Store policy to state that any app allowing other SSO options also has to include Sign in with Apple, so support should be widespread.
Apps and Location
In iOS 12, if an app wants to use your location, you’re given a prompt to allow it or not, with limited options. A lot of apps will ask to use your location at all times, even when the app is not in use—they don’t really need to track your location when you’re not using the app, but they do anyway, and who knows what they’re doing with that data.
In iOS 13, apps can still tell the OS that they want to always use your location, but you will only ever be presented with a single, universal prompt for any app: Allow While in Use, Allow Once (that’s new), or Don’t Allow. If you choose Allow Once, the app will have to prompt you again the next time you run it.
By default, iOS 13 will never let you immediately grant permission for an app to access your location in the background. If an app wants that permission, then as soon as the app wants to actually access your location while not in use, you’ll get a prompt asking if you want to Keep Only While Using or change the permissions to Always Allow.
This change alone will drastically cut down on users giving apps more location-tracking permission than they should, and eventually apps will stop overreaching in the first place (because they’ll be seen as a nuisance).
But Apple’s going further! If you have an app that is set to always allow access to your location, iOS will periodically remind you with a little pop-up window that gives the app’s explanation of why it needs your location. You can choose to continue always allowing access, or change it to “only while using.” This popup even has a little map showing all the locations recorded by that app.
With iOS 13, Apple is going to lay bare the eye-popping overreach of apps requesting our location data.
Locking down Wi-Fi and Bluetooth
Some apps are really sneaky. They know they don’t need your location for the app’s basic functions, but they want to record it to sell to third parties or target ads or something anyway. So instead of asking, they look at your proximity to known Wi-Fi hotspots and Bluetooth beacons to piece together a rough estimate of your location.
Fortunately, Apple’s closing this loophole in iOS 13. In fact, apps that want to use Bluetooth for their own purposes will now trigger a prompt from iOS asking if you want to allow it or not. Don’t worry, you won’t get a prompt from every audio app with which you want to use Bluetooth headphones—Bluetooth audio is handled automatically by the OS and not by the app itself.
Notes in Contacts
Lots of apps want to request access to your Contacts, and with good reason. They want you to have a ready-made list of people to message, email, or share with, or make it easy to find friends on a social app.
But this can give apps access more than just the contact info you may assume—names, addresses, phone numbers, or emails. People often store sensitive info in the “Notes” section a contact. Social security numbers, bank account numbers, alarm security codes, and more.
There’s no reason why an app that wants a list of your contacts so it can build a friend list should ever get to see that kind of info. So in iOS 13, they won’t. Apps that are granted access to your Contacts will no longer get to see the contents of the Notes field. If an app feels like it has a legitimate need for that info—maybe it’s a contacts manager that helps you merge duplicates, for example)—it can file a request for an exemption.
Encrypted home security cameras
If you have a Ring doorbell or Nest cam, or one of any number of home security cameras, you’re probably sending unencrypted video up to a server, where an AI algorithm (or worse, a team of humans!) are scanning it to see if that motion was an actual person approaching or just a shadow shifting in the wind.
Apple’s working together with camera makers like Netatmo, Eufy, and Logitech to build HomeKit Secure Video cameras. They send the video to your Home hub (a plugged-in iPad, HomePod, or Apple TV) where the AI features are performed without sending the video up to the cloud.
Your videos are still backed up to the cloud, of course. In fact, you get 10 days of backups for one camera with a 200GB iCloud plan and five cameras with a 2TB plan. The camera footage is then encrypted right on your home device before it is uploaded to your iCloud storage, where it doesn’t count against your iCloud storage limits.
So nobody ever gets to see your home security camera footage but you, and there’s no way for Apple to decrypt it even if they wanted to.
HomeKit is invading more than home security cameras. It’ll be in routers soon, too. HomeKit-enabled routers will firewall your smart home gadgets from each other, so that if one gets infected by malware, it won’t be able to infect others (or your networked computers or mobile devices).
You’ll be able to use the Home app to control which devices and services your HomeKit accessories can communicate with, both in your home network and on the internet. Apple announced that HomeKit-enabled routers are coming soon from Linksys, Eero, and the cable company Spectrum.
Safari has been a leader in preventing web tracking for the last couple of years. And the browser’s getting a lot of great new features in iOS 13, but it’s also going even further to protect your privacy.
Some sites and services use digital fingerprinting technology to create a unique identifier for you—they look at some of the settings, browser plugins, and other info that most browsers automatically transmit when they visit websites, and then use that info to create a convincingly unique identifier of you. You may think that disabling cookies and using a private browsing window keeps your identity secure, but those methods don’t protect you from this new form of digital fingerprinting.
Apple started working to combat that sort of tracking in Safari last year, and it's expanding that anti-fingerprint technology this year.
Apple’s also beefing up its cloud sync security. Open browser tabs and your browsing history is synced over iCloud, so you can easily access them in Safari on your Mac, iPad, and iPhone. With iOS 13 and macOS Catalina, that data will be end-to-end encrypted.