As is typical for Apple’s developer conferences, on Monday it started hyping the privacy and security goodies it’s got in store for us in a few months.
During the pre-taped keynote at Apple’s Worldwide Developers Conference (WWDC), the company promised to pump up data protection even more with gobs of new features in its upcoming iOS 14, macOS Big Sur, and Safari releases.
The latest operating system from Apple, macOS11 Big Sur, has arrived and it brings with it a few significant architecture modifications. In this article, we will take a look at these changes, as well as some of the things you might consider doing to automate much of the deployment of Intercept X on macOS. The current version of Sophos Endpoint Protection is not compatible with the upcoming release of Apple macOS Big Sur. Upgrading to macOS Big Sur will result in endpoint protection being disabled; LITS will be blocking this upgrade on College-owned Macs to prevent this from happening. LITS also recommends that community members do not upgrade any.
(Here’s the complete keynote transcript, courtesy of Mac Rumors, if you don’t have a spare 1:48:51 to listen to the opening for Apple’s first-ever, all-online WWDC.)
Pretty please stop the ad tracking
- The current version of Sophos Endpoint Protection is not compatible with the upcoming release of Apple macOS Big Sur. Upgrading to macOS Big Sur will result in endpoint protection being disabled. We strongly recommend that customers do not upgrade any macOS clients running Endpoint Protection to macOS Big Sur at this time.
- Incoming SSH connections will fail if running Sophos Home v10.0.1a1 + MacOS 11 Big Sur We have identified a possible root cause for this issue. Expected fix to come out on 2021. Network based Time Machine backups fail with 'disk is already in use' message.
- Sophos Anti-virus requires approval of a System Extension by the end user before it's fully functional. On macOS 11 Big Sur, Sophos On-Access scanning will be disabled until you approve the Sophos.
The big ones include the option for users to decline apps’ ad tracking. More specifically, we’ll be given the option to “Allow Tracking” or “Ask App Not to Track.” As Wired’s Lily Hay Newman points out, “asking” sounds a lot more dubious than “blocking.” But Apple makes it decisive in its notes to developers, where it says that the permission is a must-have for developers, not a nice-if-you’re-in-the-mood.
Katie Skinner, a user privacy software manager at Apple, said during the keynote that this year, the company wants to help users to control ad tracking:
We believe tracking should always be transparent and under your control. So moving forward, App Store policy will require apps to ask before tracking you across apps and websites owned by other companies.
Developers will also be required to cough up data on exactly what third-party software development kits and other modules they’ve incorporated into their apps, what those components do, what data they collect, who they share it with and how it will be used. Think of the charts like nutrition labels, Apple said on Monday: they’re a way for developers to transparently share security and privacy details.
Apple isn’t the first to think about labels that could give us a heads-up about what a chunk of code is up to. Last month, Carnegie Mellon University presented a prototype security and privacy label based on interviews and surveys, the focus of which was the shabby state of security in the Internet of Things (IoT).
Sophos Endpoint Protection Macos Big Sur
IoT devices, App Store apps, fill in the blank: why not label them all? One caveat is that we actually have to trust developers to a) be candid about what they’re up to, rather than b) lying through their teeth. Unfortunately, developers all too often choose option B. For example, sometimes they try to manipulate Google’s security by removing suspicious code before adding it back in to see what trips detection systems, and then we wind up with ad fraud apps hiding in the Play Store.
Another of many examples: in March, Google and Apple had to hose down their app stores to cleanse them of apps that secretly install root certificates on mobile devices – certificates that enable a popular analytics platform to suck up users’ data from ad-blocker and virtual private network (VPN) mobile apps.
The long privacy road
Sophos Endpoint Protection Macos 11 Big Sur
Just like iOS 13 last year, Apple’s upcoming iOS 14 mobile update – expected in the autumn with the release of new iPhones and iPads – is yet another step in the company’s long privacy march.
Since at least 2015, Apple CEO Tim Cook has drawn a distinction between how the company handles privacy versus the tech companies that “are gobbling up everything they can learn about you and trying to monetize it.” Apple, which makes its money selling hardware, has “elected not to do that,” he’s said.
Apple was already working on taking control of ad trackers when it released iOS 13 last year, bringing with it the ability to see what apps track you in the background and offering the option of switching them off. Ditto for iPadOS. The new feature came in the form of a map that displayed how a given app tracks you in the background, as in, when you’re not actually using the app. Giving us the ability to ask that we not be tracked in iOS 14 is a logical next step.
In other security-positive news, the Safari upgrade will also start checking any passwords you store in the browser and can alert you if any have been compromised in a data breach. It won’t share those passwords with Apple.
Happy talk
Of course, it’s worth noting that Apple’s much-vaunted privacy technologies sometimes fall flat on their faces. Case in point: in January, Google researchers published a proof-of-concept analysis of how the Intelligent Tracking Prevention (ITP) in Safari could actually leave users exposed to a slew of privacy issues, including, ironically, being tracked.
But even if we have to take Apple’s privacy and security news with a grain of salt, there’s a lot of meat on Apple’s upcoming privacy and security enhancements.