Apple’s long-awaited iOS 17 update for iPhones lands today with a number of new and improved security features. Much of the new features are aimed at protecting iPhone owners who are at greater risk of cyberattacks and spyware, like journalists, activists and human rights defenders. Other iOS 17 features are better suited for the wider population, including anti-web tracking and safely storing passwords and the easy sharing of newer phishing-resistant passkeys.
Here’s what we’ve seen so far.
New protections in Lockdown Mode
The biggest addition to Lockdown Mode is that it now runs on Apple Watch, not just iPhones, iPads and Macs. It can’t come soon enough, given that recent exploits used to plant spyware have been capable of compromising Apple Watch owners.
Lockdown Mode works by selectively turning off certain iPhone (and Watch) features that have been abused by spyware makers in the past, such as iMessage and HomeKit, making it far more difficult to break into a device and steal its data.
Lockdown Mode in iOS 17 also automatically removes the geolocation data from photos by default when sharing photos with other people, such as where the photo was taken, which could reveal where a person is located.
Another nifty feature means iPhones in Lockdown Mode will block automatically joining non-secure Wi-Fi networks that could allow a person on the same network to analyze the iPhone’s network traffic. Lockdown Mode also blocks connections to 2G cellular networks. This aims to block a range of cellular-based exploits that are often used by cell site simulators, or “stingrays,” which law enforcement use to trick nearby phones into connecting to fake cell base stations and track phone locations and snoop on calls and messages. Stingrays are controversial because they work over a wide area and are indiscriminate in which devices they ensnare.
More anti-web tracking features
iOS 17’s Safari browser now strips tracking information from web addresses that can be used to uniquely identify your device and track you across the web. This makes it more difficult for websites and advertisers to see which other sites you access.
You can select this feature in your Safari settings on iOS 17 to work when you’re using private browsing, or you can apply it to all browsing sessions to really make a dent. This shouldn’t affect or break your day-to-day browsing experience.
Private browsing will also lock by default, prompting the device owner to scan their face or fingerprint before their private tabs will open.
Check-in safety features and avoiding scammers
Passkeys, the phishing-resistant password replacement that allows you to log in without worrying that your passwords might get stolen, are getting an update. Tons of sites and services already support passkeys — Apple, Google, Microsoft, PayPal, and plenty of others. Before long, you’ll be password free for good. You can now share passkeys (and passwords, if you must) with friends and family. Passkeys and passwords are shared using end-to-end encryption, so nobody other than those in the group can access them, not even Apple.
Check In is a new feature that lets iPhone owners share with friends when they plan to arrive at their destination safely. The feature monitors the person’s real-time location and will alert the friend if something seems wrong. This location data is end-to-end encrypted, negating the need for third-party apps that have sold your location data to advertisers and data brokers.
And, finally: Live Transcription is an added bonus for folks who never want to be bothered by a spam or scam call again. Instead of answering (or declining) the phone — both can notify the caller that the line is active — live transcription converts the caller’s voice into text displayed on the screen in real-time.