Apple affirmed its commitment to customer privacy a year ago, and Tuesday’s update covers everything new in iOS 9 and OS X El Capitan. The company isn’t just issuing platitudes about how great its privacy protections are – it dives into real detail about how its various services use and protect your data.
Here are the highlights.
Beefed-up encryption: iOS 9 makes six-digit passcodes the new default on Touch ID-enabled iPhones. That significantly reduces the chances of someone cracking your passcode by just guessing it.
If you don’t use a passcode to secure your device, you may want to think twice. Apple encrypts the data on your device – like the information collected and stored in the iOS Health app – with encryption keys protected by your passcode. iMessages and FaceTime calls are also protected with end-to-end encryption, so it’s impossible for someone else to access your iMessages without your passcode.
Proactive Siri: In iOS 9, Siri is more helpful, providing you with suggestions for apps to use based on your habits and time of day. Apple says those predictive capabilities are stored on your device, not the cloud, which means the same encryption applies.
If Apple needs to pull information from its servers to offer you suggestions, like what time you should leave the house to make it to an appointment on your calendar, then the company will use anonymised rotating identifiers so that locations and searches won’t be traced to you. (You can also turn off proactive features’ access to your location altogether.)
Maps: This is where Apple really goes after Google (without naming names, of course). Google pulls all of your location data when you’re signed in to Google Maps to create a complete picture of who you are and where you go. That information is really useful to advertisers. Apple’s Maps app only knows you as a random number that frequently resets, scrubbing your data altogether.
“Maps is also engineered to separate the data about your trips – including public transit directions – into segments, to keep Apple or anyone else from putting together a complete picture of your travels,” the policy says. “Helping you get from Point A to Point B matters a great deal to us, but knowing the history of all your Point As and Point Bs doesn’t.”
Safari content blockers: iOS 9 brings Safari’s content-blocking capabilities to your iPhone, so you can install apps that block ads while you’re browsing the web. Apple says Safari supports content blockers in a way that prevents the content blocker from sending information to developers about your browsing habits.
Apple Music: Apple doesn’t use your streaming picks to advertise to you on any other service.
News app: The articles you read in iOS 9’s News app aren’t linked to you specifically, but to an anonymous News-specific identifier that you can reset at any time. News does use iCloud to offer you recommendations across all the devices you read News on, but those are stored on the device and not seen by Apple.
Apple does put ads in the News app and uses your reading activity to determine which ads to show you, but that information cannot be used outside of News to show you ads in any other app – not by Apple, and not by the publishers you read in News. You can also turn on Limit Ad Tracking, so Apple can’t target ads to you based on your activity in News.
Government requests: Governments around the world ask Apple for information on a regular basis, usually because someone has reported a stolen device and needs help tracking it down. But six percent of government requests are looking for personal user information. Apple can only divulge information about your iCloud account. If a device is protected by a passcode (which it should be, on devices running iOS 8 and iOS 9), Apple can’t comply with search warrants because files on those devices are protected by an encryption key tied to your passcode. That means Apple complied with just 27 percent of the six percent of account information requests in the US from 1 July 2014 through to 30 June 2015. Apple didn’t say how many total requests it received, but said less than 0.00673 percent of its customers were affected by requests.
“Apple has never worked with any government agency from any country to create a ‘backdoor’ in any of our products or services,” its government information request policy states. “We have also never allowed any government access to our servers. And we never will.”
Now if you want to dive deep into the details of Apple’s security, grab an adult beverage and sink into your sofa for some quality time with the 60-page iOS 9 security white paper.