How iOS 15 provides more security

Mark Zimmermann

Security and data protection have always been important to Apple. In the new version of iOS/iPadOS, the company continues to push these topics forward and defuses some problem areas.

For many users, software updates are a double-edged sword: on the one hand they deliver many new, sometimes security-relevant features; on the other hand they always mean change, if not disruption, for users. All the more so since Apple has not exactly covered itself in glory with some of the bugs in the updates it has shipped.

As a solution, users now have the choice between two types of software update in the Settings app: they can update to the latest version of iOS 15 to obtain the most comprehensive set of new features and security updates, or receive only important security updates until they are ready to leave iOS 14.

Data protection dashboard enriches iOS 15

Nevertheless, an upgrade to iOS 15 is of course worthwhile when you look at the numerous innovations of the new operating system version, both in general and especially in the area of security and data protection. For example, with iOS/iPadOS 15 Apple introduces a new data protection dashboard for apps, similar to the one in Android 12. Here users can see how often each app on the device has accessed sensitive data such as location, photos, contacts, the microphone and/or the camera in the last seven days. The domains an app has contacted are also displayed.

A further improvement in data protection: since iOS 14, a banner at the top of the screen has informed users when applications such as TikTok, AccuWeather, Google News or other apps access the clipboard. So far, however, the notice has also appeared when the user pastes something from the clipboard into an app. With iOS/iPadOS 15, this has been adjusted again.

With the feature called "Secure Paste", developers now have more control over how clipboard data is handled: copied content in the clipboard is protected from automatic access by other apps. Only the user can paste the data from the clipboard manually. In this case, the system also omits the notification at the top of the screen that an action was carried out with the clipboard.

In contrast, the permission dialogs for the data protection settings have remained largely unchanged. The only exception: in future, developers can offer the user a "one-time" location share as an option in order to receive the current location temporarily.

iCloud+: The plus stands for private

With iCloud+, Apple offers Private Relay (similar to a VPN) to existing iCloud subscribers at no additional cost. More precisely, Apple (probably) activates these extended features automatically. The user's internet traffic is routed through two relays, which masks the user from advertising networks and data brokers. The feature encrypts the traffic transmitted by the device.

"All user inquiries are sent via two separate internet relays," explains Apple. Apple's iCloud Private Relay works in a similar way to a VPN, since it routes the user's entire traffic via other servers, hides the user's IP address from the websites they visit and hides the traffic from the user's internet provider.

It nevertheless differs from a virtual private network: in a classic VPN, traffic travels from the user to the VPN server and from there to the website. The response data then flows back along the same route in reverse. In contrast to a VPN provider, Apple, as the provider of the solution, does not know where the traffic is going.

When a VPN is used, websites may determine the user's location incorrectly, based on the IP address of the VPN server. For some VPN users this is precisely the reason to use one, for example to get around streaming providers' regional restrictions.

Private Relay vs. VPN

Private Relay, however, adds another server to the chain, which ensures that nobody in the chain, not even Apple, can see the entire traffic. The traffic is fully encrypted from the user to the ingress proxy, then to a further egress proxy and from there to the website. Note that the "ingress proxy" server is operated by Apple itself, while the "egress proxy" comes from a (trustworthy) third-party provider. Who these third-party providers are is unknown. However, the first tests with the beta version of iOS/iPadOS 15 have shown that at least Cloudflare appeared here. This construct ensures maximum security and data protection, because Apple does not know where the traffic is going, and the third-party provider does not know "who" the user is or "where" they come from.
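The visibility split described above, modelled as an added example (not code from the article or from Apple): each hop can open only its own layer. The key names, the toy cipher standing in for real transport encryption, and the sample addresses are assumptions for illustration.

```python
import hashlib, json, os

def _xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher; a demo stand-in for real AEAD."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, obj: dict) -> str:
    return _xor(key, json.dumps(obj).encode()).hex()

def unseal(key: bytes, blob: str) -> dict:
    return json.loads(_xor(key, bytes.fromhex(blob)))

def client_send(client_ip: str, url: str, k_ingress: bytes, k_egress: bytes) -> dict:
    """Wrap the request twice: inner layer for the egress proxy, outer for the ingress proxy."""
    inner = seal(k_egress, {"destination": url})
    outer = seal(k_ingress, {"payload": inner})
    return {"src_ip": client_ip, "body": outer}

def ingress_proxy(packet: dict, k_ingress: bytes, own_ip: str = "198.51.100.10"):
    """First hop: learns the client IP, but can only forward the still-sealed inner layer."""
    payload = unseal(k_ingress, packet["body"])["payload"]
    seen = {"client_ip": packet["src_ip"], "opaque_payload": payload}
    return seen, {"src_ip": own_ip, "body": payload}

def egress_proxy(packet: dict, k_egress: bytes) -> dict:
    """Second hop: learns the destination, but its peer is the ingress proxy, not the client."""
    return {"peer_ip": packet["src_ip"],
            "destination": unseal(k_egress, packet["body"])["destination"]}

def run_demo():
    # Constructed sample values: documentation IP ranges and example.org.
    k_in, k_eg = os.urandom(32), os.urandom(32)
    packet = client_send("203.0.113.7", "https://example.org/page", k_in, k_eg)
    ingress_view, forwarded = ingress_proxy(packet, k_in)
    return ingress_view, egress_proxy(forwarded, k_eg)

if __name__ == "__main__":
    for name, view in zip(("ingress sees", "egress sees"), run_demo()):
        print(name, view)
```

Linking a user to a destination in this model requires the records of both operators, which is why the two proxies are run by different parties.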

With Private Relay, Apple offers no way to configure a different country as the origin of the traffic. Users can (only) choose between two options:

"Preserve Approximate Location" (standard) and

"Use Broader Location".

Technically speaking, every hop inserted into the "chain" of a network connection slows down communication and thus the speed at which a user moves around the internet. However, Private Relay works with the QUIC network protocol and HTTP/3, supported since iOS 14; these connections are characterized by a shorter packet round-trip time. In contrast to conventional TCP and TLS connections, the loading times and buffering of a website can be shortened, since less communication between client and server is required. In practice (iOS 15 Beta 1), after some initial stuttering in the first few days, I could not notice any negative effects.

If the user has an active iCloud Private Relay configuration, the following data is transmitted through it:

All Safari activities;

All DNS queries; and

Large parts of app traffic to insecure web servers ("http:" requests, port 80/8080).

Traffic in the local network and via VPN configurations is not routed this way, nor are data connections from apps to secure endpoints ("https:" requests). In the absence of an iCloud subscription, the service is also not available for managed Apple IDs.

But even without iCloud+, the Safari browser in iOS/iPadOS 15 already offers a fundamentally new data protection effect by hiding the user's IP address from trackers, albeit only from these. This generally reduces the possibility of using the user's IP address as a unique identifier to link activity across websites and build profiles of the user.

Protection against tracking emails

Speaking of tracking: the problem is well known. Once again there are numerous spam emails in the inbox of the personal mailbox. However, this problem can be put to an end with a disposable (or temporary) email address. With Hide My Email (included in iCloud+), users can do exactly this in iOS/iPadOS 15. The system generates a unique, random email address that the user can also use in their personal inbox.

With the new Mail Privacy Protection, tracking pixels (usually a 1-pixel image) are also rendered useless. If an email containing such an invisible pixel is opened, the image establishes a connection to the sender's server and returns sensitive data such as the user's IP address, the device location and the email client used.
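A heuristic check for the kind of invisible remote image described above, as an added example that is not part of the original article and is not how Mail Privacy Protection itself works. The sample message, the host names and the detection rules are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def _tiny(value):
    """True for a width/height attribute of 0 or 1 (optionally written as '1px')."""
    return value is not None and value.strip().lower().rstrip("px") in ("0", "1")

class PixelFinder(HTMLParser):
    """Collects remote <img> tags that are invisible to the reader."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images are embedded; opening them contacts no server
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1 or smaller")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        if reasons:
            self.findings.append({"host": url.hostname, "has_query": bool(url.query),
                                  "reasons": reasons})

def find_tracking_pixels(html_body: str) -> list:
    finder = PixelFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample message body (hosts are placeholders under .example).
SAMPLE = """
<html><body>
<img src="https://cdn.shop.example/logo.png" width="600" height="80">
<img src="cid:banner@shop.example" width="1" height="1">
<p>Your order has shipped.</p>
<img src="https://t.mailer.example/open?uid=8841" width="1" height="1" alt="">
<img src="https://stats.mailer.example/o.gif?m=8841" style="display: none">
</body></html>
"""

if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE):
        print(hit)
```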

Something has also happened when it comes to two-factor authentication: the iCloud Keychain now includes an integrated two-factor verification code. This means that a user no longer needs a separate app like Google Authenticator or Authy.

With "Passkeys in iCloud Keychain", Apple is also developing a way for users to use biometric account authentication (Face ID / Touch ID) instead of a password. Essentially, a passkey is a private/public key pair according to the WebAuthn standard. The feature works like a physical security key. Since passkeys are implemented in software, they reside not in hardware but in the iCloud Keychain.

If you want to create an account as a user, there is no password to register with. You can access your online account with just a login name and a biometric check (Face ID / Touch ID). A password is no longer required here, since the Apple device takes over generating the unique master key used for the website, so that signing in consists only of entering an account name and automatic authentication. But don't get your hopes up too early: the feature is currently only intended for developer testing. (MB)