iOS 14: What’s new in privacy

WWDC 2020 introduced a lot of exciting privacy changes in iOS 14. I thought it’d be fun to run through most of them here. For more details, I recommend you watch the sessions linked below.

Pasteboard Alerts

People copy all sorts of sensitive data to their clipboards, but advertisers don’t care. So iOS 14 reveals the pasteboard access habits of every app.

For legimate usecases, there’s a new UIPasteboard API (via Benjamin Mayo) that allows browsers and the like to silently check for specific content types (currently web searches and URLs) without proactively accessing the data and triggering an alert.

Camera and Microphone

iOS 14 also adds little indicators for video and audio input. I wouldn’t be surprised if an “Allow Once” camera permission arrived in a future release.

IDFA

The isAdvertisingTrackingEnabled property (previously informed by a toggle Settings) has been deprecated, in favor of an opt-in process to fetch the advertising identifier:

The advertising identifier has a value of 00000000-0000-0000-0000-000000000000 until authorization is granted or when using the Simulator.

John Koetsier:

Apple killed the IDFA without killing the IDFA, by taking it out of the depths of the Settings app . . . and making it explicitly opt-in for every single app. If an app wants to use the IDFA, iOS 14 will present mobile users with a big scary dialog.

Dave Mark:

Let’s all shed one single solitary crocodile tear in false sympathy for an industry that did everything it possibly could to abuse users.

Limiting Access

Location

Users will get the option to only share approximate location data with apps. I think this is a boon for user-respecting weather apps. For other usecases, navigation apps can gracefully request temporary upgrades to full accuracy, and when geofencing features are used (as in Reminders), the app will have to send the user to Settings to enable a “Precise Location” toggle.

Photos

This is pretty cool. Apps (especially messaging ones) love to ask for full photo access.1 Now users will be able to ration the ones received from the system (and add more each time they request the permission).2 That’ll prevent (trigger warning) GPS data aggregation, as demonstrated in this proof-of-concept .

Contacts

When apps have set textContentType on their form fields, the system will allow users to autofill fields from their contacts database without requiring the app to access it.

Local network access

Apps that interact directly with the user’s local network (or contain code that do, like the Google Cast SDK) will throw a new permission prompt. This is a natural progression from iOS 13, which disabled Wi-Fi network info queries and made Bluetooth access opt-in. Automatically allowing direct local network access is like drilling a huge hole in the iOS sandbox, allowing less savory SDKs to worm their way into the increasingly connected lives of users.


On that awkward metaphor, I hope you’ve enjoyed this rundown of iOS 14’s privacy improvements. If you’re an app developer or curious fellow, you should check out these relevant sessions:


  • Hopefully this will change with the new built-in photos picker. ↩︎

  • The implementation reminds me of HealthKit: if the user denies read access to a category, the app's queries simply return no data. ↩︎