Apple is a leader in the tech industry when it comes to protecting user privacy and security. Compared to Google and Facebook, and even Microsoft and Amazon, Apple collects way less data about its users and is frequently the first to implement new security features across its software and hardware lineups.
However, that’s not to say Apple can’t learn a thing or two from other tech companies when it comes to protecting your privacy and data. Some of the biggest companies and plenty of smaller ones have come up with innovative offerings that help keep their user’s data more secure–offerings that Apple doesn’t offer, at least for now.
Apple normally releases new privacy and security features with its major operating system updates every fall. In the past, these updates have included enabling system-wide encryption on Macs, and offering a built-in password manager in the Safari browser for iOS and MacOS, just to name two examples. No doubt we’ll see more advanced privacy and security features when iOS 13 and macOS 10.15 land later this year. But if Apple needs some suggestions of what type of features to include, it need look no further than these features from other tech companies.
Block USB ports while a device is locked (Google)
In general, Google isn’t known for putting user privacy before profits. But it is serious about security. A great example of this is the Titan Security Key that Google released last year. The security key is a dongle that you plug into your computer when you log into an online account. The fact that the security key is present acts as a physical form of two-factor authentication that helps ensure rogue actors with your login credentials can’t access your account.
But I’m not suggesting Apple comes out with its own security key (though it wouldn’t hurt). Instead, Apple should follow Google’s lead in another area, and introduce a much more user-friendly security protection measure. Google will soon update its Chrome OS, which runs on Chromebooks, with a feature called USBGuard. This feature blocks devices that are plugged in via the Chromebook USB ports from accessing data or transferring data to a locked Chromebook.
This is a brilliant security move, as it’s common practice by bad actors to plug a USB drive into a laptop and run executable code from a program on that drive to infiltrate the computer. Hackers don’t do this when the computer’s owner is around. They either do this after they have stolen the laptop, or they simply wait until the owner has walked away and thinks their computer is protected because the screen is locked with a password. USBGuard thwarts this method of attack, as any device plugged into the Chromebook’s USB port is rendered inoperable until the Chromebook is unlocked again (you can whitelist “trusted” devices such as your own external hard drives).
Apple already has a similar feature on its iOS devices that blocks any kind of data transfer between an iPhone or iPad and a device plugged into its Lightning port after the iPhone or iPad hasn’t been unlocked for an hour (charging cables still work). It would be great if Apple follows Google’s lead and brought this technology to its MacBooks and iMacs, too.
A built-in VPN (Opera)
Safari is generally one of the fastest, most secure web browsers out there. Apple goes to great lengths to keep you safe by blocking all tracker cookies, offering a built-in password manager, and obfuscating your computer’s fingerprint on the web.
However, if Apple really wanted to make our web activities more private, it could follow Opera’s lead and build a VPN directly into Safari. A VPN is probably the most important tool everyday web users should be using to protect their privacy online, yet many don’t. Apple could change that overnight by building in a secure VPN so hackers can’t track you, and ISPs can’t sell your web activity to advertisers.
Email encryption (ProtonMail)
With FileVault 2, Apple was the first PC maker to automatically enable full disk encryption on all of its laptops and desktops. It was also one of the first tech giants to embrace end-to-end encryption for messaging. No one, not even Apple, can read the iMessages you send using the Messages app except you and your recipient.
That’s why it’s baffling that Apple doesn’t apply end-to-end encryption to its iCloud email service, as Proton does for its ProtonMail service. It’s time for Apple to change that. As important as end-to-end encryption is for an app like Messages, we often send our most sensitive data over email–for example, emails sent to our doctors discussing our health. If Apple wants to be the true king of user privacy, they should ensure that our emails are as off-limits to others as our messages are.
A highest-possible-security mode (Microsoft)
Apple can even learn something from its oldest competitor when it comes to security. With Windows 10, Microsoft introduced a new feature called S Mode. It’s a configuration of Windows 10–which was originally a cheaper version of Windows targeted at schools that might otherwise buy Chromebooks–that automatically enables the highest security and privacy settings on a PC. When you buy a new computer with Windows S Mode as the default, you can only download and install apps from the Microsoft Store, where they’re Microsoft-verified for security. It’s locked to Microsoft’s Edge browser to surf the web, and disables command-line shells, the registry editor, and developer tools.
For Apple’s part, MacOS already includes a feature called Gatekeeper that can be set to prevent users from installing apps outside of the Mac App Store. But still, a Mac’s Terminal app lets anyone with access to your computer run any UNIX command, providing unfettered access to your machine. Another baffling oversight: Though Apple defaults to full disk encryption on every Mac, the company doesn’t turn on MacOS’s built-in firewall by default.
There are some legitimate reasons why a small percentage of pro users might not want to turn on MacOS’s built-in firewall or disable access to the Terminal app. But for everyday web and email users, disabling the firewall and enabling Terminal access may do more harm than good.
So I’m proposing that Apple implement something like a MacOS S Mode. Make it optional during a Mac’s setup process, but at least give users the choice of automatically setting up their Mac with the strictest security and privacy measures possible.
All that being said, Apple’s products are still the all-around best when it comes to security and privacy. However, the goalposts of optimal protection keep moving, and if Apple wants to stay in the lead, it’s got to keep improving its strategy and offerings.