What&#39;s new in Privacy

Apple sees privacy as being a fundamental human right.
Apple designs its platforms to protect people.

Privacy pillars

• Data minimization
• On-device processing
• Transparency and control
• Security protections

Data minimization:

• Collecting the minimum amount of data needed to power a feature.

On-device processing:

• Performing computations locally on the device and not sending data to servers whenever possible, to avoid potential exposure by a server-side process.

Transparency and control:

• Being transparent to the user about what data is being collected
• Giving the users control over if and how the data is being used.

Security protections:

• Provides the technical guarantees and enforcements for privacy protections.


macOS 15 and iOS 18 use these privacy pillars as part of their design.

• New pickers - allows users to share only the data they want.
• Upgraded platform protections - avoid accidental data over-sharing
• Permission changes - clarify permission dialogs to clearly indicate what data is being shared.
• New platform capabilities - improving user privacy

New pickers:

Pickers will share only the selected data with the app.

FinanceKit

Pickers will share only specified transaction data without sharing any additional financial data with an app.

The picker will be drawn on top of the app and is not part of the app itself, which should block the app from accessing the data displayed by the picker. Transactions selected in the picker, and only those transactions, are shared back to the app.

Ongoing data access

• User is able to control how much data can be shared with an app by selecting which transaction data sources can shared with an app, and also control the timeframe of the transactions accessed (like only providing data on the last thirty days&#39; worth of transactions.)


Image Playground:

You can add image generation to apps with Image Playground API. The Image Playground API provides access to the system-provided on-device personalized image generation capabilities also available  in Apple&#39;s Image Playground app.

The picker allows you to browse and select images, with only the selected image(s) being shared back to the app. Image generation and selection are both hosted by the operating system and not the app. Because the user is explicitly selecting what to share, there is no permissions prompt.


AccessorySetupKit:

Apps with access to data may also need access to services like Bluetooth. AccessorySetupKit provides access to those services while also managing the data provided to those services. It also combines several previous permission dialogs into one picker, including Wi-Fi and Bluetooth join permissions. 

At the same time, only the permissions needed to connect to specified accessories are granted. Connecting an app to an external accessory via Bluetooth only provides Bluetooth access to the specified external accessory and does not provide the app access to any other  external accessories that have never been paired to the app. This allows the app to access only what it needs while not allowing it access to anything else.

This change also makes accessory management more simple. The app can re-name the accessory as needed in its settings and also tag the accessory with which app(s) have access to it. Forgetting the external accessory removes the accessory and all associated permissions from the device.



Upgraded platform protections:

macOS 15 and iOS 18 include new protections:

• Private Wi-Fi
• macOS Extensions
• App group container protection

Private Wi-Fi:

Private Wi-Fi controls for MAC address rotation on iOS
MAC address protection for macOS

MAC addresses are not protected by current Wi-Fi security standards and can be tracked.

Private Wi-Fi addresses are available in the current release of iOS and are being added to macOS as part of macOS 15. They provide random per-network MAC addresses, with the MAC address of the device being changed to a new one roughly every two weeks if the &#34;Rotate Wi-Fi Address&#34; option is enabled. If the &#34;Rotate Wi-Fi Address&#34; option is disabled, this rotation does not occur.

If a Wi-Fi network is forgotten, a new MAC address is always generated after at most 24 hours.

For public Wi-Fi networks, the &#34;Rotate Wi-Fi Address&#34; option will default to a static rotating MAC address and otherwise, it&#39;ll default to a random MAC address.

The default behavior of the &#34;Rotate Wi-Fi Address&#34; setting depends on what kind of Wi-Fi network being connected to.


macOS Extensions:

macOS now includes system notification about extensions, which may include the following:

• Spotlight importers
• Dock tiles
• Smart card reader drivers
• Color panels
• Media extensions

Cron is now disabled by default on macOS Sequoia, but can be re-enabled in the &#34;Login Items and Extensions&#34; window in System Settings. This is the &#34;legacy background tasks&#34; toggle in the &#34;Login Items and Extensions&#34; window.

The following are also deprecated as of macOS Sequoia:

• Directory Services plug-in
• Legacy QuickLook plug-ins
• com.apple.loginitems.plist


App group container protection:

If an app tries to access data which is stored in another app&#39;s data container, a dialog prompt is displayed to the user to ask permission.

Data stored outside of an app&#39;s data container can be read by any application.

Apps which are from the same vendor can share data in an app group container, so that those apps can share data without the user being prompted. Apps from other developers which request to access the group container&#39;s data will still prompt the user for permission prior to the data being shared to the other developer&#39;s app.


Permission changes:

• Contacts
• Bluetooth
• Local network

Contacts:

Contact sharing in iOS 18:

Permissions are broken into two separate permission requests:

1. If any contacts should be shared
2. If contacts should be shared, the ability to select which contacts or to allow full access to all contacts.


Bluetooth:

Changes to the Bluetooth authorization prompt in iOS 18:

Updated Bluetooth authorization prompt now includes a displayed map location, as well as showing general information about other nearby Bluetooth devices.


Local network:

macOS 15 brings control over your apps&#39; access to devices on your local network, by displaying a dialog prompt to the user to ask permission for the app to access devices on the local network.

Network connections affected:

• Bonjour browsing or advertising
• Custom multicast
• Custom broadcast
• Unicast connections (local network)


New platform capabilities:

New capabilities in iOS 18 and macOS 15:

• Locked and hidden apps
• Automatic passkey upgrades
• Private caller ID

Locked and hidden apps:

On iOS 18, apps can:

• Be hidden
• Request authentication before they can be accessed
	- Face ID / Touch ID used for the authentication mechanism

Accessing a locked app:

• Authentication required before access
• All access methods are covered
• App contents are hidden across the system

	- Without authentication, data from your app will not show up in search results and access to the app from the Lock Screen or other areas will require authentication before the relevant data from the app is made available.


Automatic passkey upgrades:

• Apps which use passwords should add support for passkeys
• Apps should automatically upgrade password authentication to use passkeys instead.


Private caller ID:

Available late 2024