The security changes you can expect in iOS 12 | Cyber Security

This fall – very likely in September – Apple will unveil the next major release of its mobile operating system, 12. The beta version of 12 has been available for a little while now, so I took it for a test and tried out some of the security-related changes we’ll see rolling out when it is released.

Safari stomps out social trackers

Apple has been making a point to position itself as taking user privacy seriously on a number of fronts. With the iOS 12 update, Safari takes a cue from a number of other browsers in slapping the hands of social media trackers and forcing them to stop tracking users.

From iOS 12, Safari will both stop advertisers from knowing uniquely identifying information about the user’s phone, and stop sharing-buttons and comment boxes from tracking users unless the user has opted in to interacting with those buttons/boxes.

This will prevent social media sites (read: Facebook) from keeping tabs on users when they’re not using the sites, and will also prevent advertisers from tracking phone users (to serve up highly-targeted ads, of course) while they’re going about their browser-y business.

Many browsers already had either built-in or add-on features for the privacy-minded, in some cases quite similar to what Safari will now offer – for example, Firefox’s Facebook Container add-on. A notable difference here is that these tracking protections will now be present in the browser by default, guarding the privacy of users who may not even have realized they were being tracked in the first place.

iOS can now update automatically

After installing iOS 12, your phone will reboot, and as with all major iOS updates, you’ll go through a brief initialization process. These are usually pretty similar – enter your iCloud credentials, and set up a passcode if you haven’t already (and you should). However, this time, a new feature stood out: Enable automatic updates for iOS.

Right now, users have to manually download and install each iOS update. Given all the incremental updates that roll out between major versions, this can be both burdensome to users and suboptimal for security reasons: Users who don’t install updates right away (or don’t know how) are missing out on updates that could protect them from active threats and attacks.

Apple will now put the option unskippably front and center for its iOS users as they run iOS 12 for the first time, with a big prompt to turn on automatic updates:

Users who have this option enabled will get a warning from their phone that a new update will install, as well as a notification after-the-fact that they’ve been brought up to date.

Credential AutoFill supports third-party password managers

Many of the updates in iOS 12 seem to indicate that Apple wants to make it easier for everyone to manage their passwords, even if they don’t want to exclusively use Apple products. Of course, their preference is that iOS users stick with Safari, so the bulk of these updates will only work when it is being used as the web browser.

That said, third-party password managers will be able to AutoFill credentials into apps and Safari via an API. So if you’re visiting a website and you know your (non-Apple) password manager of choice has the login credentials stored, you no longer would need to do a somewhat annoying switch-back-and-forth-cut-and-paste dance to grab the username and password between your app or browser and your password manager. Instead, the password manager will work much like it does on your computer-based browser, where Safari will show an option to auto-populate your credentials from your password manager right in the QuickBar.

This credential AutoFill feature will only work if your third-party password manager (like 1Password or LastPass) supports Apple’s password manager API for iOS 12.

Right now as we’re in beta, password manager makers are still working on getting their side of things up and running, but 1Password and LastPass have both said they will support AutoFill when iOS 12 officially launches. (KeePass users, there have already been several requests for iOS AutoFill support on several KeePass mobile apps, so keep an eye out for this feature.) Previously, iOS users who wanted something like this would have had to install an extension or opt to use iCloud keychain.

For iOS users who are loyal to both non-Apple password managers and non-Apple browsers (like Firefox or Chrome), at this point it still looks like it’s up to them to download mobile extensions or add-ons if they want a similar experience.