Checklist 250: Apple Additions and Cybersecurity Awareness
It’s the first Checklist of Cybersecurity Awareness Month! We’ll cover:
Cleaning up the App Store
Last month, we talked about the security fixes and the new privacy features in iOS 15. There were some nice changes, and it looks like Apple has more privacy and security enhancements on the way.
To combat the growing problem of scam apps in the App Store, Apple is introducing the ability to report shady apps and developers. The new reporting feature will work for free, in-app purchase, and paid apps — just as long as you have the app installed.
Apple has offered a “Report a Problem” feature for some time, but this goes beyond that. According to an Engadget piece earlier this week, users will now have the specific option to “report a scam or fraud”. In addition to cracking down on scams, Apple is also attempting to tackle “offensive, abusive, or illegal content”. There will be reporting options for anything that falls into these categories as well.
The new reporting options are currently available to users in the United States, Canada, Australia, and New Zealand. Apple says that more regions will follow.
Deleting accounts and encrypting bookmarks
Apple is also introducing a couple of changes that will give users more control over their data.
Starting in 2022, apps that contain a “create account” option will also need to offer an in-app “delete account” option. This is an attempt to put an end to the practice of developers making it easy to sign up for an account, but prohibitively difficult to cancel it later on.
Apple has also decided to turn on end-to-end encryption for Safari bookmarks stored in iCloud. There are plenty of things stored in iCloud that are not protected by E2EE, but this is still a nice little privacy enhancement for users.
Apple readies digital legacy feature
There are signs that Apple is about to roll out a digital legacy feature. For those unfamiliar with the term, a person’s “digital legacy” refers to what happens to their data after they die. The main issue is that family members can access personal data that is protected by passwords or encryption. This includes things like financial accounts, medical records, cryptocurrency assets, and even personal files such as photos, music, and messages. (For a full discussion of digital legacies, see Checklist 80: Digital Legacies and this article on Planning your digital legacy.)
According to a piece published by iMore, Apple’s digital legacy feature will help designated legacy contacts access a deceased person’s iCloud data. iMore says that they believe the feature is coming soon because the iCloud usage agreement “specifically includes mention of what happens after death” and also because Apple has set up a site for the program.
Cybersecurity Awareness Month
It’s Cybersecurity Awareness Month, and we’re kicking things off by looking at an important report entitled “Oh, Behave! — The Annual Cybersecurity Attitudes and Behaviors Report 2021”.
The report, produced jointly by the National Cybersecurity Alliance and data analytics company CybSafe, shows that there’s still a lot of work to be done when it comes to teaching people about cybersecurity.
Some highlights:
- Just 46% of people surveyed use different passwords for important accounts — and 20% admit that they “never” or “rarely” use different passwords.
- Only 43% of respondents say that they “always” or “very often” use long, unique passwords.
- A full 48% say they’ve “never heard of” multi-factor authentication (i.e., not “I don’t use it” but “I don’t even know what that is”).
- Almost a third of users (31%) say that they update their software “sometimes”, “rarely”, or “never”.
If you’ve listened to The Checklist for a while, you know that all of this falls under “pretty standard” best practices for digital security and privacy:
- Way back on Checklist 08: Best Practices for Login and Password Security we talked about the dangers of reusing passwords — and about the critical importance of using strong, unique passwords.
- We covered multi-factor authentication on Checklist 139 – 2FA 101 and on Checklist 160: What If You Lose One Factor?.
- We’ve debated the issue of automatic updates before, but agree that in general most users (i.e., people who don’t cover Apple news every day for a living) should probably enable automatic updates.
- Finally, we did a show on how to turn over a new leaf if you aren’t already doing these things back on Checklist 213: New Year Security Resolutions.
Be the change you want to see
So how do we get people to take better care of themselves online, and start to protect their digital security and privacy?
Well, that’s the reason we started The Checklist: To share news, information, and how-tos in order to help everyday users improve their cybersecurity posture.
This is also why we ask you to share this podcast at the end of each episode. Sure, we like the clicks, and we love to see our audience grow. But the real point of The Checklist is to help more people stay safe online. And to do that, we need to get the word out.
During Cybersecurity Awareness Month, help make the people in your life a little bit more cybersecure by sharing any information you think they might need to hear. The episodes mentioned above are excellent places to start for cybersecurity basics. If you want to draw people into a conversation about digital security and privacy in a more lighthearted way, Checklist 212: The Hacky Holidays Special and Checklist 238: The Annual Summer Blockbuster Special are security discussions cleverly disguised as movie talk!
And remember, you don’t have to be a cybersecurity expert to help someone else stay safe. You just have to know something that they don’t, and share it!
Are you looking for security and privacy topics to share with someone during Cybersecurity Awareness Month? Check out our archives for a list of past podcasts with full audio and show notes for each one. Do you have a question that you’d like us to answer on the show? Write to us and let us know!