The security implications of Apple’s latest iOS update

Apple, the undisputed master of the granular update, has raised more than a few eyebrows with the rollout of iOS 14.5. With the debut of App Tracking Transparency, Apple has reversed the default position on in-app tracking from opt-out to opt-in.

It is a move that has elicited a mixed reaction. Advertisers are understandably unhappy about this; overnight, their revenue models have been turned on their head. On the other hand, unsurprisingly, the change has been warmly welcomed by not only by privacy campaigners but by the mainstream press, with the vast majority recommending that users update to the newest iOS version as a priority.

But it’s important to remember that as privacy becomes a greater part of our digital life, we should be aware that moves like this one might also inadvertently begin to impact on existing security solutions and have far reaching implications for our security.

What are the best ways to ensure user privacy?

This article will explore the best ways in which organisations can go about ensuring the privacy of their users. Read here

Privacy or privation?

There is more at stake here than a loss of advertising revenue. This is the thin edge of the wedge; the entire concept of user tracking is set to go through some seismic changes in the year ahead. Google is forging ahead with their intention to eradicate third party cookies from the Chrome browser by January 2022, a move that is being set to be echoed by Mozilla’s Firefox and Apple’s own Safari Browser.

In the coming months, other privacy-focused updates will emerge, so much so that Gartner have advised businesses to brace themselves for a period of sustained disruption – that’s advice that businesses would do well to heed. Apple’s update and the trend that it is part of, have far-reaching implications that touch on several industry sectors in ways that aren’t always immediately obvious or beneficial to the customer.

Apple’s latest iOS update currently excludes banking and retail applications from the changes, due to security needs. However, financial organisations are designed to prioritise security in their apps, utilising rigorous authentication technologies to keep their customers safe and secure. Some of those rely on cookies and other privacy-intrusive mechanisms and so in the worst-case scenario, the user could be inadvertently disengaging the very mechanisms designed to protect them and their identity.

With the upcoming changes to third-party cookies pending next year, for how long will these practices remain the norm? While it takes seconds for consumers to download this latest update, it can take months for organisations to redesign their entire security processes and infrastructure in response. As such it’s critical that banks begin looking at these processes sooner, if not now.

And as developers scramble to recode their apps to stay compliant with the new update, there’s the risk of problems arising from hastily implemented changes or incompatibilities.

A bank, for example, might experience serious pressure from just a 10% rise in failure demand — that’s easily enough to swamp a call centre. It can quickly lead to a loss of customer satisfaction, customer trust… and an increase in customer churn.

Covid-19 has sped up customer experience transformation for retail banks

Andrew Lawson, senior vice-president EMEA at Zendesk, discusses the fast-tracking of user experience transformation that Covid-19 has brought to retail banking. Read here

Crumbling cookies

Apple’s iOS update has been in the pipeline for some considerable time. The feature was originally scheduled to release in September 2020, a date that Apple put back to give developers time to make the necessary changes. And prior to this, in January 2020 Google stated its’ intention to phase out third-party cookies in its Chrome browser by 2022.

Whilst Google have yet to respond to Apple’s leap ahead in the privacy game, it would come as little surprise if they and other stakeholders accelerate their plans. Either way, it is the beginning of the end for conventional, unrestricted tracking methodologies, and the start of a period of sustained disruption.

For businesses, it is a wake-up call for those who are still relying on outmoded methods such as cookies for their authentication journeys. With the writing on the wall, it is time to look to technologies to help. Technologies such as behavioural biometrics will eliminate the need to prioritise privacy over security, or vice-versa.

This is because behavioural biometrics use dynamic, as opposed to static inputs such as the way customers type, swipe, or use a mouse. Static biometrics won’t stand up here as they use physical identifiers, such as fingerprints and facial recognition are not inherently privacy preserving — as they need to be handed over to third parties or rely on cookies to tell them who users are. Behavioural biometrics on the other hand are fine tuned to individuals and learn and adapt as the user journey evolves — a step change, simultaneously enhancing both security and privacy.

A great many iOS users will be thinking about privacy and updating their devices right now. If businesses are not offering that same assurance, customers will also find it equally quick and easy to switch to a competitor who does. It is critical that businesses start looking to solutions that help the consumer feel empowered with both understanding and at the same time offers the highest levels of protection from malicious actors.

Written by Amir Nooriala, CCO at Callsign

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com