New Privacy and Security Features at WWDC 2023

There is certainly plenty to talk about from WWDC this year, but the privacy and security updates are not to be missed. One notable highlight:

App Privacy Improvements

New tools give developers more information about the data practices of third-party software development kits (SDKs) they use in their apps, allowing them to provide even more accurate Privacy Nutrition Labels. These changes also improve the integrity of the software supply chain by supporting signatures for third-party SDKs to add another layer of protection against abuse.

Like existing privacy labelling in the App Store, this is naturally predicated on the honour system, but it is a step in the right direction. Third-party sharing is one of the shadiest sides of digital privacy in apps and on the web, and it is only good for light to be shined in this area.

Other improvements include optional automatic blurring of potentially sensitive images and video — as I suggested — two-factor authentication autofill from Mail messages, and automatic removal of tracking junk on links shared through Mail and Messages.

Update: More on the SDK disclosure requirements from Apple:

First, to help developers understand how third-party SDKs use data, we’re introducing new privacy manifests — files that outline the privacy practices of the third-party code in an app, in a single standard format. When developers prepare to distribute their app, Xcode will combine the privacy manifests across all the third-party SDKs that a developer is using into a single, easy-to-use report. With one comprehensive report that summarizes all the third-party SDKs found in an app, it will be even easier for developers to create more accurate Privacy Nutrition Labels.

This sounds promising but, again, relies on compliant developers and software vendors. Apple says it will name and shame common third-party SDKs later this year.