Security news that informs and inspires

Apple Puts Privacy and Security Out Front

As concerns about the kind and amount of data that social media platforms, technology providers, and other companies collect about users, Apple is launching a new set of tools that allows users to take control of what they’re sharing with the company and download a copy of all of the data Apple has on them.

Apple’s new privacy portal provides a detailed picture of how the company handles data collection and storage and also of the security tools it uses to protect data on users’ devices and on Apple’s servers. The site also includes comprehensive descriptions of how Apple’s products and services collect and use an individual’s data, and details on privacy and security tools Apple provides for developers. Although much of this information has been available in various forms and various places before, the new portal provides a central landing spot for people looking for information on Apple’s own privacy and security practices as well as guidance on how to secure their devices and accounts.

A big chunk of the site is dedicated to giving users detailed information on how to enable various security features in iOS and macOS, such as two-factor authentication, as well as advice on choosing strong passcodes and passwords and identifying common attacks such as phishing. There’s also guidance on managing which apps can use location services, using private browsing mode in Safari, limiting ad tracking, and configuring parental controls to limit how children browse the web and what they can access on their devices.

Many people may not have a clear understanding of what kind of information companies collect and store.

Apple also goes into detail about the privacy and security tools that Apple uses to protect user data. For example, there’s a section explaining the way that Apple Pay handles users’ credit card information on the device and in transit.

“Your actual card numbers are never stored on the device or on Apple servers. Instead, a unique Device Account Number is created and encrypted in a way that we can’t decrypt and is stored in the Secure Element of your device. The Device Account Number in the Secure Element is walled off from your operating system and is never stored on Apple Pay servers or backed up to iCloud,” the site says.

“In stores, payments are processed by using the Device Account Number and a transaction-specific, dynamic security code. So neither Apple nor your device shares actual credit or debit card numbers with merchants.”

But the section that likely will attract the most attention is the page on which users can download all of the data that Apple stores on them, including iCloud backups, transaction history, and other information. Users also can ask Apple to correct certain data, temporarily deactivate an account or delete an account altogether. Many people may not have a clear understanding of what kind of information companies collect and store, so having the ability to see what is and isn’t stored can be very useful. To get a copy of your data from Apple, you simply need to sign in with your Apple ID and request the download. The download is available for up to 14 days, after which time it's removed from your account page and you'll need to request it again.

Some other companies, including Facebook, allow users to download a copy of the information the company stores on them, as well.