Security and privacy have been two of Apple’s major selling points in modern times, especially as the company positioned itself against rivals like Google, Meta, and Amazon, all of which offer a variety of free and low-cost products and services, mostly because user data is the real treasure house.
With the announcement this week that it will be rolling out advanced data protection for iCloud in the latest updates to its software platforms, Apple has taken another step forward in security and privacy, closing loopholes that still allow third parties to access your data could be obtained. parties, whether malicious hackers or law enforcement.
But as good as those protections are, there are still a few places where the company could take additional security and privacy measures to ensure your data remains under your control.
Mail armor
Perhaps the most important type of data not covered by Apple’s latest security measures is email. In Apple’s announcement, it notes that “The only major iCloud data categories not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.”
That is fair! There are many email systems around the world and most of them do not use end-to-end encryption. While Apple’s own email services provide security in the form of encryption in transit and on servers, these keys are essentially owned by Apple rather than users.
But secure email is not an impossible improvement to implement. Take Proton Mail, for example, probably the best-known secure email service. It offers end-to-end encryption, in addition to the ability to send password-protected emails to any recipient. (Note: Proton also offers secure calendaring and contact services.)
Apple could do a lot more to make Mail more secure.
Foundry / IDG
There have long been ways to encrypt email, and Apple’s own email clients support both encryption standards and third-party add-ons (at least on the Mac) that enable this feature. But email encryption has always been a confusing and sometimes complicated process that requires you to manage keys and use other channels to exchange sensitive information with your contacts.
This seems like a place ripe for improvement and usability, the kind of thing Apple generally excels at, even if you can only send encrypted mail to other iCloud mail accounts, for example. The related technology of digital signatures would perhaps be even more useful: it could help bring peace of mind by ensuring that those you correspond with are who they say they are – a big potential boon in this age of phishing and other email based messages. scam. (Apple’s new iMessage Contact Key Verification, coming next year, will enable this type of feature for its Messages app.)
For better or worse, much of the world still runs on email. The company has made great strides in privacy by allowing features like Hide My Email, but adopting email encryption would be one more way Apple can ensure the privacy and security of this key technology.
house keys
One of the best security features Apple has implemented is iCloud Keychain, which makes it easy to generate and store strong individual passwords (and now passkeys). But one of the biggest frustrations with that feature is in those cases where you need to share passwords with other people.
For example, most households probably have several streaming services running on different devices: iPads, iPhones, Apple TVs. And most households have probably encountered an issue where a new device needs to be signed into a service, or an existing device is somehow logged out. But if the account is linked to one person – and therefore the password stored in their iCloud Keychain – how is the rest of the household supposed to access it?
Yes, iCloud Keychain supports AirDrop sharing. But since AirDrop only works nearby, you often have to fall back on the next best solution: copy the password from iCloud Keychain and paste it into an iMessage or, worse, an email. This removes much of the security (and convenience) of iCloud Keychain; more problematic, as passkeys become more popular, won’t really be an option: a passkey is a long string of characters, more complex than any password, that you can’t really send over iMessage.
Apple
Building on the success of the rest of its Family Sharing features and, in particular, iCloud Shared Libraries, Apple should provide a way for people in a family group to designate certain passwords and passcodes that will be shared with others. That way, not only would everyone in a household have access to those specific passwords/keys, but they would even sync automatically, so if a password is changed, everyone would automatically have the updated version. I’m sure more than a few parents would be happy not to have to answer “What’s the password?” texts from their children never again.
Trust but verify
These improvements would be well and good, but to maintain user confidence, Apple needs to stay ahead of the game in terms of security and privacy as well. A positive step in that direction is that Apple has said the aforementioned advanced data protection will be rolled out globally, including in China, where the company has often struggled to navigate local authoritarian regime laws while protecting its users’ data. to protect. If ADP does indeed take effect there, it could be a major win for Apple’s reputation.
Apple must also be transparent about all security and privacy issues. For example, a recent report suggests that the company’s devices continue to send information back to Apple even if users opt out. While this could be a bug or a misunderstanding, it behooves Apple to address these issues clearly so as not to damage its reputation when it comes to the rest of its security; there is nothing more important than trust: it is easy to lose and hard to gain back.
