Apple’s Known for High-Security, But It Still Needs to Do These 5 Things

Underline the Difference Between Security and Privacy

Poking fun of Android about their lack of security has been an Apple mainstay for years (CES 2019 was the latest example), but we’d love to see more direct information that’s useful to customers. A big example is the difference between security and privacy, and what Apple is doing in both fields.

Privacy features affect how other people (or companies) can access your data, and how much control you have over that data. That’s separate from security features, which control how easily your devices can be attacked from the outside, especially when it comes to stealing or destroying data.

Tech companies often blur the distinction between the two, especially when they can make “privacy” look more like “security.” We would love to see Apple talk about privacy and security with greater definition, empowering customers to make the right choices.

Push Required Security Updates

Security updates can’t be undone once they are updated on macOS or iOS, which is a great step. However, a problem still remains: people ignore updates. They ignore updates all the time. The average user doesn’t have a clue when an operating system update is designed to fix vulnerability in security, and a lot of people just don’t like the idea of an update. Updating apps is even worse.

Apple could make a lot of difference by pushing security updates in new ways. Making them all automatic updates is one option (although Apple has mostly stayed away from required updates thus far). However, even pushing new notifications about apps and operating systems when a patch is designed to make them more secure could make a big difference. Inform the consumers about why the patch is so important, Apple!

Watch and Respond to Bug Threats More Quickly

Apple recently dropped the ball on this one, with the FaceTime bug that a lone Fortnite player discovered. The player’s mother tried hard to alert Apple about the bug that allowed users to force conversations on the unwary, but Apple… ignored her. Eventually, the mom joined Apple’s developer program so that she could bring the bug to the attention of the experts, but even this didn’t work. Only when she sent an official letter on her office letterhead (she works as a defense lawyer) with an in-depth video walking through the bug did Apple respond – and shut down FaceTime entirely while creating a solution.

This is pretty unacceptable from beginning to end. It looks like Apple needs to focus a lot more a bug reports and investigate all potential vulnerabilities instead of just assuming their architecture is flawless. Because it’s not.

Represent Its Perspective to the Government Effectively

Apple’s battle with the FBI continues, and it’s an important one no matter which side you think deserves the most leeway. Should Apple be forced to create software to hack its own phones? Should the FBI be able to access any iPhone it wants to? Is end-to-end encryption honestly a problem for law enforcement? These are big questions and we won’t pretend we know the answers. But we do want to see Apple continuing to represent its perspective and explore this tricky field further, with the knowledge that it’s going to affect the public in its entirety, not just their customers.

Come Clean About App Notarization

There’s been rumors floating around about Apple restricting apps with new barriers to entry, and removing the ability to whitelist apps. It’s probably being confused with the new app notarization that came with Mojave, or Apple’s new filter to catch any potentially dangerous or intrusive code from developer apps, and expedite the publishing of those apps that pass. Since this area is pretty murky right now, Apple should clarify exactly what its plans for the app development process are, and what it’s doing on both the privacy and security fronts.