Apple views privacy as a human right
App developers - be mindful of privacy
Keeping the app ecosystem as a trusted place is important.
Architecting for privacy
- Data retention
- Data privacy
- Data storage
- Identifiers
Data Retention
- Have a retention policy
- Delete data when it no longer serves a user need
- Collect the minimum data necessary
- Balance storage of data against the risk of compromise
Data Minimization Techniques
- Anonymize
- Aggregate
- Sample
- De-resolve
- Decay
- Minimize
What's the use of the data? What decisions are the collected data driving? If you can't come up with an answer, don't collect it. Minimize.
Data transfer
- Encrypt data in transit
- Keep sensitive data on the device, do not transmit
- Process sensitive data on-device
A good example of sensitive data - health data for a workout app. Process it on the device.
On Device
- Data protection
- Keychain - store your secrets inside a keychain's encrypted storage
Server side
- Encrypt data at rest
- CloudKit
Transparency
Be clear about what data is being collected
- Give users the ability to inspect data
Explain how it will be used
- Purpose strings
- Privacy policy
Give users control
- Limit ad tracking
Updates
- iOS
- OS X
- watchOS
iOS
MAC Address Randomization - introduced in iOS 8, expanded in iOS 9
App Detection
- The apps a user has installed are their business
- Trying to detect which apps are installed is contrary to the iOS security model
- Whether your app is installed is not another app's business
canOpenURL
Its purpose is to determine whether an app can open a certain URL type, not to enumerate installed apps.
Apps linked before iOS 9 are limited to 50 distinct schemes.
sysctl retrieves system info for processes with appropriate privileges.
In iOS 9, sysctl is further restricted from checking certain kern flags (check the session video for details).
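An added example, not code from the session, of the intended use of canOpenURL: asking whether one known companion app can handle a link, rather than probing for installed apps. It assumes the scheme is declared in the app's Info.plist under the LSApplicationQueriesSchemes key (the key exists; the scheme "example-companion" is a placeholder).

```swift
import UIKit

// Added example (not from the session). Assumes Info.plist contains:
//   <key>LSApplicationQueriesSchemes</key>
//   <array><string>example-companion</string></array>
// "example-companion" is a placeholder scheme for the companion app.
let companionScheme = "example-companion"

// Returns true if the companion app was asked to open the given path.
// canOpenURL answers only for schemes the app has declared; for anything
// undeclared it returns false, so it cannot be used to enumerate installed apps.
func openCompanionIfAvailable(path: String) -> Bool {
    guard let url = URL(string: "\(companionScheme)://\(path)") else { return false }
    let app = UIApplication.shared
    guard app.canOpenURL(url) else {
        // Fall back to in-app behaviour; do not record or report the negative result.
        return false
    }
    // open(_:options:completionHandler:) is iOS 10+; on iOS 9 use openURL(_:).
    app.open(url, options: [:], completionHandler: nil)
    return true
}
```

The only question the code asks is "can this one link be handled?", and the answer is used solely to choose between two UI paths, which is the model the session describes.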
OS X Cookie policy
In OS X Yosemite and earlier, cookies are shared among all applications and are kept in sync.
In OS X El Capitan, cookies are *not* shared. Current Mac App Store apps should already be in compliance with this change.
Privacy in reporting
- Report insights not data
- Report aggregates
- Require thresholds
De-anonymizing your users is bad. Don't do it.
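An added example, not from the session, that ties the "Data Minimization Techniques" list above to the reporting rules in this section: events are de-resolved and decayed at collection time, optionally sampled, and then reported only as per-group user counts that clear a minimum threshold. The Event and Insight types, the grid size, the threshold of 5 and the sample data are all constructed for the example.

```swift
import Foundation

// Added example, not from the session. All types, names and data are constructed.
struct Event {
    let userID: String
    let timestamp: Date
    let latitude: Double
    let longitude: Double
    let feature: String
}

struct Insight {
    let feature: String
    let region: String
    let distinctUsers: Int
}

// De-resolve: snap a coordinate to a coarse grid (0.1 degree is roughly 11 km).
func deResolve(_ value: Double, grid: Double) -> Double {
    (value / grid).rounded() * grid
}

// Decay: keep only the day, so the exact time of use is never retained.
func decay(_ date: Date) -> Date {
    Calendar(identifier: .gregorian).startOfDay(for: date)
}

// Sample: keep roughly one event in n; the rest are never stored at all.
func sample(_ events: [Event], oneIn n: Int) -> [Event] {
    events.filter { _ in Int.random(in: 0..<n) == 0 }
}

// Minimize a single event before it is written anywhere.
func minimize(_ e: Event, grid: Double) -> Event {
    Event(userID: e.userID, timestamp: decay(e.timestamp),
          latitude: deResolve(e.latitude, grid: grid),
          longitude: deResolve(e.longitude, grid: grid),
          feature: e.feature)
}

// Aggregate with a threshold: count distinct users per (feature, region) and
// suppress any bucket smaller than k, so no single user can be picked out.
func report(_ events: [Event], minimumUsers k: Int) -> [Insight] {
    var usersPerBucket: [String: Set<String>] = [:]
    for e in events {
        let key = e.feature + "|" + String(format: "%.1f,%.1f", e.latitude, e.longitude)
        usersPerBucket[key, default: []].insert(e.userID)
    }
    return usersPerBucket.compactMap { key, users -> Insight? in
        guard users.count >= k else { return nil }   // threshold not met: report nothing
        let parts = key.split(separator: "|")
        return Insight(feature: String(parts[0]), region: String(parts[1]), distinctUsers: users.count)
    }.sorted { $0.distinctUsers > $1.distinctUsers }
}

// Constructed sample: six users in one neighbourhood, one user somewhere else.
let base = Date(timeIntervalSince1970: 1_433_000_000)
var raw = (0..<6).map { i in
    Event(userID: "u\(i)", timestamp: base.addingTimeInterval(Double(i) * 3600),
          latitude: 37.331 + Double(i) * 0.001, longitude: -122.031, feature: "workout")
}
raw.append(Event(userID: "u9", timestamp: base, latitude: 48.85, longitude: 2.35, feature: "workout"))

// oneIn: 1 keeps every event so the constructed run is reproducible; use a larger n in practice.
let stored = sample(raw, oneIn: 1).map { minimize($0, grid: 0.1) }
for insight in report(stored, minimumUsers: 5) {
    print("\(insight.feature) @ \(insight.region): \(insight.distinctUsers) users")
}
// The lone user in the second region stays below the threshold and never appears in the report.
```

The threshold is what turns a count into an insight: a bucket of one is a record about a person, a bucket of five or more is a statement about usage.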
Prompting well
When prompting for something, fully inform your users why you need this data and ask them to allow it. Concise, clear explanations.
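An added example, not from the session, of prompting at the moment the user asks for a feature rather than at launch, with the purpose string supplied through the Info.plist key NSLocationWhenInUseUsageDescription (the key exists; the class, button name and placeholder wording are assumptions).

```swift
import CoreLocation

// Added example, not from the session. Assumes Info.plist contains
// NSLocationWhenInUseUsageDescription with a short, concrete purpose string, e.g.
// "Shows gyms near you while you plan a workout." (placeholder text).
final class NearbyGymsController: NSObject, CLLocationManagerDelegate {
    private let manager = CLLocationManager()
    private var pendingWork: (() -> Void)?

    override init() {
        super.init()
        manager.delegate = self
    }

    // Called from the "Find nearby gyms" button, never from app launch, so the
    // system prompt appears in the context that explains why it is needed.
    func userTappedFindNearby(then work: @escaping () -> Void) {
        switch CLLocationManager.authorizationStatus() {
        case .authorizedWhenInUse, .authorizedAlways:
            work()
        case .notDetermined:
            pendingWork = work
            manager.requestWhenInUseAuthorization()   // shows the purpose string
        case .denied, .restricted:
            // Degrade gracefully in the UI; the system will not re-prompt.
            break
        @unknown default:
            break
        }
    }

    func locationManager(_ manager: CLLocationManager, didChangeAuthorization status: CLAuthorizationStatus) {
        if status == .authorizedWhenInUse || status == .authorizedAlways {
            pendingWork?()
        }
        pendingWork = nil
    }
}
```

Requesting "when in use" rather than "always" keeps the ask proportional to the feature, which is the same minimization principle applied to permissions.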
App Transport Security in iOS
- Secure connections (TLS 1.2 with forward secrecy) by default
- Declare exceptions for specific domains that cannot meet these requirements in your app's Info.plist. Otherwise, connections to them will fail.
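An added example, not from the session, that audits an NSAppTransportSecurity dictionary of the kind found in Info.plist and lists every exception that weakens the defaults described above. The key names (NSAppTransportSecurity, NSExceptionDomains, NSAllowsArbitraryLoads, NSExceptionAllowsInsecureHTTPLoads, NSExceptionMinimumTLSVersion, NSExceptionRequiresForwardSecrecy) are real ATS keys; the two sample domains and their settings are constructed.

```swift
import Foundation

// Added example, not from the session. Sample domains are constructed.
struct ATSFinding {
    let domain: String
    let issue: String
}

// Walks the NSAppTransportSecurity dictionary and reports each exception
// that relaxes the iOS 9 defaults (TLS 1.2, forward secrecy, no plaintext HTTP).
func auditATS(_ ats: [String: Any]) -> [ATSFinding] {
    var findings: [ATSFinding] = []
    if ats["NSAllowsArbitraryLoads"] as? Bool == true {
        findings.append(ATSFinding(domain: "*", issue: "NSAllowsArbitraryLoads disables ATS for every connection"))
    }
    let domains = ats["NSExceptionDomains"] as? [String: [String: Any]] ?? [:]
    for (domain, rules) in domains.sorted(by: { $0.key < $1.key }) {
        if rules["NSExceptionAllowsInsecureHTTPLoads"] as? Bool == true {
            findings.append(ATSFinding(domain: domain, issue: "plaintext HTTP allowed"))
        }
        if rules["NSExceptionRequiresForwardSecrecy"] as? Bool == false {
            findings.append(ATSFinding(domain: domain, issue: "forward secrecy not required"))
        }
        if let tls = rules["NSExceptionMinimumTLSVersion"] as? String,
           ["TLSv1.0", "TLSv1.1"].contains(tls) {
            findings.append(ATSFinding(domain: domain, issue: "minimum TLS version lowered to \(tls)"))
        }
    }
    return findings
}

// Constructed Info.plist fragment as a Swift dictionary: one legacy domain with
// every exception switched on, and one compliant domain with no exceptions.
let sampleDomains: [String: [String: Any]] = [
    "legacy.example.com": [
        "NSExceptionAllowsInsecureHTTPLoads": true,
        "NSExceptionMinimumTLSVersion": "TLSv1.0",
        "NSExceptionRequiresForwardSecrecy": false,
    ],
    "api.example.com": [:],
]
let sampleATS: [String: Any] = ["NSExceptionDomains": sampleDomains]

for finding in auditATS(sampleATS) {
    print("\(finding.domain): \(finding.issue)")
}
// api.example.com produces no findings: an empty exception entry keeps the defaults.
```

The corrected configuration is simply the second entry: a domain with no exception keys, or no entry at all, gets TLS 1.2 with forward secrecy and nothing weaker.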
CoreSpotlight in iOS
Protect your data in Spotlight
When a user adds something to your app, add it to Spotlight for search. When they delete it, remove that data from Spotlight automatically and don't leave that data sitting in Spotlight.
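An added example, not from the session, of keeping Core Spotlight in step with app content: index on create, delete by identifier the moment the user removes the item, and clear the whole domain on sign-out. The calls are the real CSSearchableIndex API; the domain identifier and the note fields are assumptions.

```swift
import CoreSpotlight
import MobileCoreServices

// Added example, not from the session. Domain and note fields are placeholders.
let spotlightDomain = "com.example.notes"

// Index a note when the user creates it.
func indexNote(id: String, title: String, body: String) {
    let attributes = CSSearchableItemAttributeSet(itemContentType: kUTTypeText as String)
    attributes.title = title
    attributes.contentDescription = body
    let item = CSSearchableItem(uniqueIdentifier: id, domainIdentifier: spotlightDomain, attributeSet: attributes)
    CSSearchableIndex.default().indexSearchableItems([item]) { error in
        if let error = error { print("index failed: \(error)") }
    }
}

// Remove the entry in the same code path that deletes the note, so no stale
// copy of the user's text remains searchable after they deleted it.
func removeNote(id: String) {
    CSSearchableIndex.default().deleteSearchableItems(withIdentifiers: [id]) { error in
        if let error = error { print("delete failed: \(error)") }
    }
}

// On sign-out or local data wipe, drop everything this app ever indexed.
func removeAllNotes() {
    CSSearchableIndex.default().deleteSearchableItems(withDomainIdentifiers: [spotlightDomain]) { error in
        if let error = error { print("domain delete failed: \(error)") }
    }
}
```

Using one domain identifier for all items is what makes the sign-out case a single call rather than a bookkeeping exercise.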
Leverage existing technology
TouchID
Apple Pay
iOS encryption
Privacy policy
Required for some apps, for example those that use HealthKit or make purchases.
Data protection on iOS
Uses hardware encryption to protect user data on iOS and watchOS
Per-file encryption
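An added example, not from the session, covering both the Keychain recommendation under "On Device" and the per-file data protection described here: a secret is stored as a generic-password item with an accessibility class that keeps it device-bound and unlocked-only, and a file is written with complete protection. The Security framework calls are real; the service, account and file names are placeholders.

```swift
import Foundation
import Security

// Added example, not from the session. Service, account and file names are placeholders.
enum SecretStoreError: Error {
    case keychain(OSStatus)
}

// Store a secret in the Keychain's encrypted storage. The accessibility class
// makes it readable only while the device is unlocked and keeps it out of
// backups that could be restored onto another device.
func storeSecret(_ secret: Data, account: String, service: String) throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(query as CFDictionary)   // replace any existing item for this account
    var attributes = query
    attributes[kSecValueData as String] = secret
    attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw SecretStoreError.keychain(status) }
}

// Read the secret back; nil means no item exists for this account.
func loadSecret(account: String, service: String) throws -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw SecretStoreError.keychain(status) }
    return result as? Data
}

// Per-file data protection: the file's key is wrapped by a class key that is
// only available while the device is unlocked, so the data is unreadable at rest.
func writeProtected(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.completeFileProtection, .atomic])
}

// Usage with placeholder values.
let service = "com.example.workout"
try? storeSecret(Data("session-token-placeholder".utf8), account: "current-user", service: service)
if let token = try? loadSecret(account: "current-user", service: service) {
    print("loaded \(token.count) bytes from the keychain")
}
let fileURL = FileManager.default.temporaryDirectory.appendingPathComponent("workout.json")
try? writeProtected(Data("{\"steps\": 1234}".utf8), to: fileURL)
```

The split is the point: small secrets (tokens, keys) belong in the Keychain with a restrictive accessibility class; bulk sensitive data stays in files that carry a protection class, so both are covered by the hardware-backed encryption the session describes.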