iOS 15 Security & Privacy Features

Apple just released a major update to its iPhone operating system: iOS 15. (Note that iPads will get many of these same features, too, from iPadOS 15.) As usual, there are tons of cool and useful features, but given my bailiwick, I’m going to focus on the security and privacy aspects.

In this article, I’m just going to give you the highlights. I’ll link to articles that explain the features in more detail, including how to set them up and use them. NOTE: Many of these features only work with Apple apps, like Mail and Safari. I’m hoping they’ll allow other apps to use them down the line.

On-Device Siri Voice Processing

Until iOS 15, processing of voice commands, including dictation and Siri commands, was done in the cloud. When you would say the magic words “hey Siri”, your device would record the next words you spoke and send the recording up to Apple’s servers. A powerful voice recognition engine in the cloud would convert the spoken words to text and return this to your device.

While this is completely automated, Apple (and others) employed humans to review random (and supposedly anonymous) audio recordings and grade Siri’s homework, basically. This (rightly) worried a lot of people when it came to light a couple years ago. Since then, Apple, Google and Amazon have given people the ability to opt out of this practice and have curtailed it.

With iOS 15, all the speech-to-text processing is now done on the device itself. It requires a relatively recent iPhone because of the necessary processing power (iPhone XR/XS or later). This is a great improvement for privacy. (It’s not clear if Apple is still somehow doing human grading after pausing it in 2019.)

Mail Privacy Protection

If you get any sort of automated email, it’s almost guaranteed to have analytics tracking mechanisms embedded in the message. This allows the sender to know how many people opened the email, when they opened it, and where they were located when they opened it (roughly). As someone who sends periodic newsletters, I find this sort of information very valuable.

But this technique can also be used to gather other information about you and your device: the operating system type and version, perhaps the app’s type and version, screen size, and more. And this info is often shared with third party data miners to sell to others.

How does this tracking work? The emails have teeny tiny, essentially invisible images called tracking pixels embedded in the email message somewhere. (They may literally be images of size 1×1 pixel.) Each of these images has a unique name and they make a note of which person got which image. When you open the email and your mail app loads the image, the request for that unique file name tells them who you are. And the IP return address for the image request also gives them your rough location.

In iOS 15, Apple now allows you to throw these trackers off your scent with a feature called Mail Privacy Protection. If you use Apple’s Mail app and turn this feature on, Apple will obfuscate the requests for these embedded trackers, giving them bogus information. From Apple: “Mail Privacy Protection downloads remote content in the background by default … all remote content downloaded by Mail is routed through multiple proxy servers, preventing the sender from learning your IP address. As a result, email senders will only receive generic information rather than information about your behavior.” Here’s how you enable this feature.

Hide My Email

Today, everybody wants your email address and your phone number. For most people, these are unique identifiers that never change, and a guaranteed way to contact you. In practice, this allows you to be tracked and spammed mercilessly. Well, Apple has solved half of that problem with Hide My Email. (And I cannot wait for the day when we can solve the phone number problem in a similar way.)

With iOS 15 and an iCloud+ account (starting at $0.99/month), you can generate random, unique email addresses to give out to these spammers. The emails will all forward to whatever email account you specify, hiding that real email address. At any time, you can disable one of these generated dummy addresses, cutting off the spam.

This isn’t new. Firefox Relay and DuckDuckGo Email Protection offer similar services. But they both (currently) lack one crucial feature that Apple’s service has: you can reply to these special email addresses and still hide your real address. The other services simply forward your email. If you reply from that account, your reply will contain your real email address. That’s useful for one-way email communication, like a newsletter or registering some product you bought. But if you may need two-way emailing, then you need to be able to reply without giving up your real address. Here’s how to use Hide My Email.

Private Relay

If you really want to hide your tracks on the internet, you need to hide your IP address. Every time you make an internet connection – to download an email, visit a website or stream a video – your device sends a request and gets a response. Each request has a “from” and a “to” address on it. The request is routed to the “to” IP address and the far end sends its response to the original “from” address that was included with the request. That’s how the internet works. So if you want to hide your real return address and still get the response, you have to get creative.

How this works is clever – and can be hard to follow – but here goes. Apple has set up a system involving two relays, or proxies. Your device first encrypts the contents of your request and destination address and sends that to the first relay, which is run by Apple. Apple then assigns you a dummy, temporary IP address and forwards your encrypted request to a third party relay (currently Cloudflare, I believe). That second relay has the key to decrypt your request. It then makes the request on your behalf using another dummy IP address. The response flows back through the relays. So basically, Apple knows your IP address but not the destination address or what you’re asking for. The second relay knows the destination and what you’re asking for, but doesn’t know your real IP address. Clever, eh?

There’s one last twist. Your IP address can be mapped to a rough location and many websites and services use this location to tailor their responses to you. For example, knowing what country you’re from will allow a website to pick the right language to use. What city you’re in will help them provide relevant restaurants in your area. Apple allows you to choose the granularity of your location: country and time zone (very rough) or city-level area (more specific).

Note that this feature currently only works with Apple’s Safari browser and does not hide requests made from other browsers or other apps. This feature is also not available in several authoritarian countries like China, Egypt, Saudi Arabia, etc. It’s also currently listed as a “beta” feature, meaning that the functionality may not be fully baked yet. Here’s how to set up Private Relay.

Honorable Mention

There are a few other interesting privacy and security features in iOS 15. First, Apple has restricted access to the copy/paste clipboard. You may not realize this, but when you copy text on your iPhone, that text is available to other running apps – not just the one you pasted it into. Password managers sometimes try to “flush” that out by overwriting the clipboard after you paste. But Apple has now made this standard – only the app you paste into can see what’s on your clipboard.

Apple has built in its own two-factor authentication (2FA) function that could replace the likes of Google Authenticator and Authy. I’ve recommended Authy for a while now, mostly because a) it’s not Google and b) it provides a secure way to back up your 2FA setup codes. Apple now has a similar function built into iOS that will automatically fill in these values when you use Safari. If you use a different browser (I use Firefox), it’s still possible to use Apple’s authenticator, but it’s not nearly as convenient. But if you use Safari, this is a nice new feature. (And it’s way better than SMS-based 2FA.) Here’s how to use Apple’s built-in authenticator.

Apple has created a new App Privacy Report feature. If you enable this, you can see what your apps are really up to behind the scenes, like how often they check your location. It keeps seven days of data and you can download a report if you wish. Here’s how to turn on App Privacy Reports.

Lastly, Apple has a new Separation Alerts feature that will warn you if you leave something behind (or if someone steals it). You can set it not to alert you if the device is at a known-okay location, like your home. Here’s how to set up Separation Alerts.