Light Dark
October 1, 2015 By Shane Schick 2 min read

Most of us may overlook the fine print when we use technology products and services, but security experts say Apple’s revamped privacy policy may become a case study in helping consumers better protect their data.

In an open letter titled “Apple’s Commitment to Your Privacy,” Tim Cook made it clear that the maker of iPhones and iPads would not be handing over personal information to government agencies or providing a backdoor in products for surveillance purposes. The privacy policy also offered details on how six-digit passcodes will become a default in touch-enabled iPhones, how Maps data will be anonymized by assigning random numbers to users and how Siri’s personalized recommendations will be encrypted.

Experts told Threatpost the new Apply privacy policy will raise the bar for similar technology companies that routinely collect customer information in ways that aren’t always transparent or easily comprehensible. In fact, the page with Cook’s letter goes well beyond the typical boilerplate on how data is used. It also provided a number of suggestions for Apple customers to customize and improve the way they keep information confidential.

Of course, as TechCrunch pointed out, reading a privacy policy has typically been a painful experience for anyone who doesn’t have a legal background. In this case, however, Apple’s clear language and even illustrations of concepts such as two-step verification may prove particularly educational. The company is also offering a substantial amount of data, such as the 6 percent of government information requests seeking personal information versus the 94 percent related to stolen iPhones.

Apple recognizes that its devices aren’t only used for personal purposes but by an increasing number of businesses, as well. That’s probably why the company also released a 60-page white paper on security in iOS 9 as part of its privacy policy. According to Wired, the white paper suggested IT departments undergo a careful review of the operating system’s security features and think through how they can be applied to scenarios where an iPhone 6S might be deployed by a large enterprise.

These changes are probably a necessary move by Apple, the Washington Post suggested, given that its products are increasingly part of so many everyday experiences. This includes health and fitness apps, consuming information via its News app, music through iTunes and Apple Music and so on. Based on the largely positive reaction from the security community, Apple’s privacy policy may turn out to be one of the most popular things it releases in 2015.

 |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature