Last week on Security Bite, I discussed a vulnerability in Stolen Device Protection, a newly added security feature in iOS 17.3. Vision Pro has since hit the market and has been dominating the headlines. This Sunday, I wanted to give your feed fresh air and discuss some of my favorite security and privacy features as of iOS 17.3. Admittedly, this will also give me more time to poke around at Vision Pro’s privacy and security protections in the real world.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Table of contents
This is Security Bite, your weekly security-focused column on 9to5Mac. Every Sunday, Arin Waichulis delivers insights on data privacy, uncovers vulnerabilities, and sheds light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices. Stay secure, stay safe.
Stolen Device Protection
Stolen Device Protection came to iPhone last month in iOS 17.3 after reports of rising iPhone thefts in restaurants and bars. Thieves would allegedly witness users manually enter their passcodes before physically stealing the device and using the passcode to change Apple ID credentials and access passwords saved to the Keychain password manager.
As a result, the feature requires Face ID or Touch ID authentication (with no passcode fallback) before users can change important security settings like Apple ID passwords or device passcodes. It also enacts a one-hour security delay before users can change these security settings.
Despite the vulnerability I reported last week, which Apple helps address in the iOS 17.4 developer beta, Stolen Device Protection is a huge plus for users. Just having it enabled does no harm, and I would recommend it to everyone.
- Open the Settings app on your iPhone running iOS 17.3 or above
- Scroll down to Face ID & Passcode (or Touch ID & Passcode)
- Under Stolen Device Protection, tap Turn On Protection
Lock Private Windows in Safari with Face ID
This year, Apple is adding an extra layer of security to Private Browsing by incorporating Face ID. In iOS 17, users can now toggle “Require Face ID to Unlock Private Browsing” to protect their tabs. The operation is required each time you close out of Safari or lock your iPhone.
This feature is also available in macOS Sonoma by instead verifying with a password or Touch ID.
- Open the Settings app on your iPhone running any version of iOS 17
- Scroll down to Safari
- Check to make sure Require Face ID to Unlock Private Browsing is toggled on
Better tracking prevention
Continuing in Safari, Apple has also doubled down on its war against trackers with “greater protection” in iOS 17. Advertisers add tracking parameters to web links as one of the known ways to follow you across the Internet. These can even grab your IP address (location information) and device information.
Now, in Safari, Mail, and Messages, iOS 17 can automatically detect these types of URLs and remove the tracking in real-time. This can be enabled for All Browsing or just Private Browsing exclusively.
- Open the Settings app
- Scroll down and tap Safari
- Select the last option titled Advanced
- Tap Advanced Tracking and Fingerprinting Protection
- Pick your desired option
Auto-delete verification codes
As someone who uses 2FA with an SMS authentication code multiple times a day across many different services, this feature is a breath of fresh air for my Messages feed. You can auto-delete verification codes in Messages and Mail after inserting them with AutoFill.
Admittedly, this is more of a convenience feature than something that will better keep you secure. This could be helpful if a service uses predictable verification codes (a huge no-no) or in a SIM hijacking attack, but once a code is used, it is generally considered useless.
- Open the Settings app and go to Passwords
- Tap Password Options
- Toggle on Clean up Automatically
New Photos privacy permissions
Apple’s new Photos privacy permissions are likely one of the first things you’ve noticed in iOS 17. Any app you’ve previously allowed Photos access to for six months or longer will now trigger a prompt asking whether you want to limit the app’s access or continue allowing full access to your library.
If you select “Limit Access,” you’ll be asked to select specific images or videos each time you want to share media with the app—a great alternative to allowing apps free range over your Photos library.
In a world where personal data is becoming increasingly vulnerable and valuable, it’s great to see Apple implementing reminders for iPhone users.
Apple describes the feature in its recent press release:
A new embedded Photos picker can help users share specific photos with apps while keeping the rest of their library private. When apps ask to access the user’s entire photo library, the user will be shown more information about what they’ll be sharing, along with occasional reminders of their choice.
- No steps for this one! This is automatically enabled after installing iOS 17.
Automatic Check In texts in Messages
Rounding out this list is an entirely new safety feature Apple has baked into Messages in iOS 17. With what the company calls “Check In,” you can automatically alert friends or family via text when you’ve reached a desired destination.
In case something happens, Check In even goes as far as alerting your selected contacts if it recognizes that you’re not making progress to the destination. “If they don’t respond, the feature will share useful information — like the user’s precise location, battery level, cell service status, and the last active time using their iPhone,” according to Apple.
Note: Both users must be on any version of iOS 17 for this feature to work
Here’s how you can set one up:
- Open the Messages app in iOS 17 developer beta
- Select someone you’d like to send a Check In too and hit the + on the bottom left
- Tap More to reveal more options
- Then Check In
- After going through the setup pages, you’ll see the Check In appear in the Messages chat. From here, you can edit the destination as well as other options like whether you’re walking or driving.
I say all this as we’re less than five months out from iOS 18. This year, Apple is expected to significantly upgrade its operating systems with the use of artificial intelligence, most notably with an overhaul to Siri. In a rare move during Apple’s Q1 2024 earnings call last week, Tim Cook made a rare comment about the company’s investments in AI. My colleague Benjamin Mayo has more details on that here.
More: January’s top security headlines
- Apple GPU security flaw confirmed in iPhone 12 and M2 MacBook Air
- Security Bite: Dangerous malware found in these commonly pirated macOS apps
- iOS 17.3 and macOS Sonoma 14.3 include more than 10 security fixes
- Trello data breach of 15M accounts; Loan Depot 16M customers
- visionOS 1.0.2 fixes exploited WebKit flaw ahead of Vision Pro launch
FTC: We use income earning auto affiliate links. More.
Comments