Inside Apple's move to ramp up security & privacy in iOS 12 & macOS Mojave

Posted:
in macOS edited June 2018
Apple used the Platforms State of the Union presentation to detail the privacy and security enhancements it will be including in macOS 10.14 and iOS 12, protecting even more types of user data and making it safer for users to download macOS apps away from the Mac App Store.




In iOS 12, users can be provided with strong passwords that are unique and complex, with the created password populating the password field automatically. The passwords will be offered in sign-up forms within apps, as well as through web forms in Safari, with the passwords synchronized across devices using the iCloud Keychain.

It will also be easier for users to retrieve their saved passwords, with a Siri request taking them to their password list. Users will also be warned if any of their self-created passwords have been reused on other existing accounts, minimizing the potential for an attacker leveraging credentials acquired from one service to access another.

Two-factor authentication will be more convenient, with iOS automatically copying the security code included in text messages to the required field in the app's log-in page. A new Password AutoFill extension will allow third-party password managers to supply passwords that can be quickly added with a tap.




Some elements will also be included in macOS Mojave, including Safari's automatic password creation, iCloud Keychain synchronization, and reused password flagging.

During the keynote, it was revealed users would need to provide permission to macOS apps in order to use an onboard camera and microphone, and to access data such as a user's Mail history and their Messages database. During the State of the Union, it was advised Apple is extending the need for permissions to cover Safari data, Time Machine and iTunes device backups, locations and routines, and system cookies.

Users will be able to make changes to permissions in the Security & Privacy section of their Mac's System Preferences.

For apps that are distributed outside the Mac App Store, Apple is introducing the option for developers to "Notarize" their apps. An extension to Apple's existing Developer ID program for verifying the creators of apps, developers can submit their apps to Apple for review, with notarized apps confirmed by the company to be free of malware and other hazards.




As well as providing an extra level of protection to users, notarizing apps will also make it easier to revoke specific compromised versions of apps compared to the existing signing certificate system, which can revoke all apps using the same certificate.

Apple advises that the notarization is not an app review process, but one that checks just for security issues. Developers are also warned that future versions of macOS will require Developer ID apps to be notarized before they can be installed.

For personal data protection online, Safari has an enhanced Intelligent Tracking Prevention feature that aims to reduce the number of data points advertisers can acquire. These make up a digital fingerprint, which can be used to track a user's movements online.

Safari's new protections include stopping social media buttons to "like" and "share" content from providing identifying information. Safari will also present advertisers with a set of simplified system information, one that makes the user's Mac look indistinguishable from other Safari users, increasing the difficulty of tracking users by making that data point practically unusable.

Apple has also confirmed macOS Mojave will be the last version of the operating system to support 32-bit apps "without compromises." Developers will need to migrate to 64-bit if they haven't already, if they wish for their apps to be usable with future macOS releases.
cornchip
«1

Comments

  • Reply 1 of 31
    sergiozsergioz Posts: 338member
    “Apple has also confirmed macOS Mojave will be the last version of the operating system to support 32-bit apps "without compromises."”
    I thought that macOS High Sierra is the last OS to support 32 but apps? 
    edited June 2018
  • Reply 2 of 31
    dempsondempson Posts: 62member
    Apple has also confirmed macOS Mojave will be the last version of the operating system to support 32-bit apps "without compromises." 
    No they didn't. The slide at 20:20 into Platforms State of the Union said "High Sierra will be the last macOS release to support 32-bit apps without compromises".

    The next slide said "Mojave is the last macOS release to support 32-bit apps".

    "Without compromises" is in reference to High Sierra, exactly what Apple was saying last year. Mojave will run 32-bit applications, but with compromises. Apple has not said exactly what those compromises are.

    The version after Mojave (presumably 10.15, due to be released in late 2019) will not run 32-bit applications at all.
    tmaySolitzm41Alex1Nmagman1979cornchipdoozydozen
  • Reply 3 of 31
    Rayz2016Rayz2016 Posts: 6,957member
    Being a Mac developer really is survival of the fittest. 🏃🏾‍♂️
    SEJUAlex1Nmagman1979doozydozen
  • Reply 4 of 31
    rob53rob53 Posts: 3,241member
    Rayz2016 said:
    Being a Mac developer really is survival of the fittest. 🏃🏾‍♂️
    No, being a Mac developer is survival of willingness to protect consumers' privacy and personal information instead on making money off of it. Play by the rules, protect the customer and Apple and it's customers welcome you. Don't and you can go work for Facebook and Google, selling your soul to the highest bidder.
    racerhomie3E’Tallitnicsbluefire1uraharaAlex1Nlostkiwimagman1979cornchipdoozydozenGeorgeBMac
  • Reply 5 of 31
    FolioFolio Posts: 698member
    Glad Apple is playing hardball with web tracking. Much better than current (feeble) Safari option in Settings: “Ask websites not to track me”.
    lostkiwiAlex1Nmagman1979cornchipGeorgeBMac
  • Reply 6 of 31
    SoliSoli Posts: 10,035member
    1) Mojave being the last version of macOS that will support 32-bit apps, plus the the new Notarize service for side-loaded (non-Mac App Store) apps tells me that they're reading the eventual release of ARM-based Macs and that they won't require the MAS for those apps à la iOS.

    2a) I like their changes to passwords and security, but I'm still not going to use Apple's Keychain. I do see there are improvements for 3rd-party password managers, which I hope that more 1st and 3rd-party apps will support, but I really doubt it since that options has been available for years and so very few apps are supporting it.

    2b) One great addition is the app being able to tell Apple's password generator how complex the apps can be. I've been wanting something like that for many years for websites. I envision something public and standardized, like robots.txt, that any password manager extension can read to get the minimum, maximum, and character options usable for creating a password.
    Alex1Nfastasleep
  • Reply 7 of 31
    majorslmajorsl Posts: 119unconfirmed, member
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Alex1N
  • Reply 8 of 31
    bluefire1bluefire1 Posts: 1,301member
    Can’t wait for these upgrades!
    magman1979watto_cobra
  • Reply 9 of 31
    lkrupplkrupp Posts: 10,557member
    majorsl said:
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Of note is that is has been confirmed by MacBreak Weekly contributor and iMore writer Micha Sargent, who attended the presentation of this, that the new Gatekeeper will NOT be able to be turned off. Unless an app is a) from the App Store, b) developer signed, or c) Notarized it will not be allowed to launch, period. Leo LaPorte flew into a rage, Andy Ihnatko just shook his head. It's coming.
    edited June 2018 Alex1NdoozydozenGeorgeBMac
  • Reply 10 of 31
    tzm41tzm41 Posts: 95member
    majorsl said:
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Apps could still run without being Developer ID'ed...
  • Reply 11 of 31
    Rayz2016 said:
    Being a Mac developer really is survival of the fittest. 🏃🏾‍♂️
    Haha! 

    I wonder how many developers knew they were going to be breaking a different kind of sweat at WWDC?
    Alex1N
  • Reply 12 of 31
    spice-boyspice-boy Posts: 1,450member
    Facebook and Google have shown what companies in the USA who's technology goes unchecked and unregulated will "do evil". Google and Facebook (the two biggest offenders) leeches on our privacy and will sell it to anyone (or government) will to pay for it. If you want to be really "free" don't use free software and services. 
    lostkiwimagman1979GeorgeBMacwatto_cobra
  • Reply 13 of 31
    gatorguygatorguy Posts: 24,176member
    spice-boy said:
    Facebook and Google have shown what companies in the USA who's technology goes unchecked and unregulated will "do evil". Google and Facebook (the two biggest offenders) leeches on our privacy and will sell it to anyone (or government) will to pay for it. If you want to be really "free" don't use free software and services. 
    LOL. Even you know better, yet write it anyway. 
  • Reply 14 of 31
    majorslmajorsl Posts: 119unconfirmed, member
    spice-boy said:
    Facebook and Google have shown what companies in the USA who's technology goes unchecked and unregulated will "do evil". Google and Facebook (the two biggest offenders) leeches on our privacy and will sell it to anyone (or government) will to pay for it. If you want to be really "free" don't use free software and services. 
    You're confusing web-based services with applications. I know it's sometimes hard to tell when you live in an "app" world where iOS makes it look like gateways to these services are a real application.

    I'm talking about program that run on a computer and doesn't connect to anything "outside".  There are plenty with a lot of value, utility, and that do things that no paid for program does.  Take a look over the wall in the garden, you may find that a whole world exists outside with some wonderful things in it!
    Alex1N
  • Reply 15 of 31
    Alex1NAlex1N Posts: 129member
    Indeed, Majorsl. Appd lke Nisus (word processor) GraphicConverter (full graphics editor) and MacPorts, to name inly three shuning examples (and which I use constantly)
  • Reply 16 of 31
    fastasleepfastasleep Posts: 6,408member
    lkrupp said:
    majorsl said:
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Of note is that is has been confirmed by MacBreak Weekly contributor and iMore writer Micha Sargent, who attended the presentation of this, that the new Gatekeeper will NOT be able to be turned off. Unless an app is a) from the App Store, b) developer signed, or c) Notarized it will not be allowed to launch, period. Leo LaPorte flew into a rage, Andy Ihnatko just shook his head. It's coming.
    I'm curious about the long term road map for this. A friend of mine has been barking at me about how eventually they're going to disallow GPL3 software, terminal applications, so forth. Is that what you're saying implies will happen? And when?
  • Reply 17 of 31
    majorslmajorsl Posts: 119unconfirmed, member
    lkrupp said:
    majorsl said:
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Of note is that is has been confirmed by MacBreak Weekly contributor and iMore writer Micha Sargent, who attended the presentation of this, that the new Gatekeeper will NOT be able to be turned off. Unless an app is a) from the App Store, b) developer signed, or c) Notarized it will not be allowed to launch, period. Leo LaPorte flew into a rage, Andy Ihnatko just shook his head. It's coming.
    I'm curious about the long term road map for this. A friend of mine has been barking at me about how eventually they're going to disallow GPL3 software, terminal applications, so forth. Is that what you're saying implies will happen? And when?
    Terminal too, I didn't even think of that. They lock stuff like that down and GPL software, and about 1,000 Macs at the University I work at will be replaced with non-Apple machines out of necessity at our next lifecycle.  Probably a couple 100 more I can see in other areas too.  They would be basically locking out whole segments of their users - users that they have no clue about what their needs are because it doesn't fit into their framed iOS minded "App world".

    I mean, sure, they can do whatever they want - their product.  It's a pity that they'll lose the halo effect from all those students who would not otherwise be exposed to an Apple product.
  • Reply 18 of 31
    fastasleepfastasleep Posts: 6,408member
    majorsl said:
    lkrupp said:
    majorsl said:
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Of note is that is has been confirmed by MacBreak Weekly contributor and iMore writer Micha Sargent, who attended the presentation of this, that the new Gatekeeper will NOT be able to be turned off. Unless an app is a) from the App Store, b) developer signed, or c) Notarized it will not be allowed to launch, period. Leo LaPorte flew into a rage, Andy Ihnatko just shook his head. It's coming.
    I'm curious about the long term road map for this. A friend of mine has been barking at me about how eventually they're going to disallow GPL3 software, terminal applications, so forth. Is that what you're saying implies will happen? And when?
    Terminal too, I didn't even think of that. They lock stuff like that down and GPL software, and about 1,000 Macs at the University I work at will be replaced with non-Apple machines out of necessity at our next lifecycle.  Probably a couple 100 more I can see in other areas too.  They would be basically locking out whole segments of their users - users that they have no clue about what their needs are because it doesn't fit into their framed iOS minded "App world".

    I mean, sure, they can do whatever they want - their product.  It's a pity that they'll lose the halo effect from all those students who would not otherwise be exposed to an Apple product.
    I am not saying he's correct, I'm literally asking if anyone knows for sure that's what this info above implies at all. The friend in question is kind of an idiot in ways, so I take a lot of his chicken little stuff with a huge salt lick.
    watto_cobra
  • Reply 19 of 31
    welshdogwelshdog Posts: 1,897member
    So it sounds like Mojave will have built-in, all the features that one gets by using 1Password. I wonder if you can set it up to not use iCloud, but still do some sort of manual sync between devices?  I have logins, passwords, software keys etc. stored in 1Password, but I don't ever let it put the data in the cloud.  The app has a discrete Wifi sync function that I perform periodically to get all devices synced to the master file in MBP.  If Mojave can do this, I'll gladly dump 1Password.  I'm never going to be comfortable putting this kind of info in the cloud.  I know iCloud does a good job of protecting my data and my login to that data, but shit happens and I don't want any of that shit on my sensitive data.
    watto_cobra
  • Reply 20 of 31
    emoelleremoeller Posts: 574member
    Alex1N said:
    Indeed, Majorsl. Appd lke Nisus (word processor) GraphicConverter (full graphics editor) and MacPorts, to name inly three shuning examples (and which I use constantly)
    I also use GraphicsConverter (great bit map graphics editor).  Reading through the comments this all sounds like Apples version of 1984.  I can’t imagine my computers being that locked down with no opportunity for override.  
    watto_cobra
Sign In or Register to comment.