Apple touts iPhone 13's privacy features, but doesn't address spyware worries

The huge device maker also skipped over its controversial plans to scan user devices for child exploitation images.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Abrar Al-Heeti Video producer / CNET
Abrar Al-Heeti is a video host and producer for CNET, with an interest in internet trends, entertainment, pop culture and digital accessibility. Before joining the video team, she was a writer for CNET's culture team. She graduated with bachelor's and master's degrees in journalism from the University of Illinois at Urbana-Champaign. Though Illinois is home, she now loves San Francisco -- steep inclines and all.
Expertise Abrar has spent her career at CNET breaking down the latest trends on TikTok, Twitter and Instagram, while also reporting on diversity and inclusion initiatives in Hollywood and Silicon Valley. Credentials
  • Named a Tech Media Trailblazer by the Consumer Technology Association in 2019, a winner of SPJ NorCal's Excellence in Journalism Awards in 2022 and has twice been a finalist in the LA Press Club's National Arts & Entertainment Journalism Awards.
Bree Fowler
Abrar Al-Heeti
3 min read
James Martin/CNET

Apple says the iPhone 13 features privacy that's "built in from the beginning." It pointed to on-device processing of voice commands and features to block third-party tracking as evidence of that commitment.

The features will come as part of iOS 15, which rolls out on Monday. That means most iPhone users will benefit from the upgrade, not just those shopping for swanky new smartphones .

For example, the new operating system gives Siri on-device speech recognition. That means, Siri voice requests don't leave your iPhone to be processed remotely. Intelligent tracking prevention feature also blocks trackers from profiling you by using your IP address. Email privacy protection also hides your IP address and prevents senders from learning about your mail activity, the company said. 

Watch this: Apple reveals iPhone 13

The Tuesday rollout of flagship devices, however, skipped over two significant issues that raise questions about Apple's privacy practices. The company didn't mention an urgent update to its operating systems that closed an exploit that has already been used to target activists and journalists. Apple also steered clear of its own plans to spy on users by searching iPhones, Macs, iPads for images of child exploitation.

On Monday, Apple released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The fix stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day, zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. 

Apple says it's doubtful the exploit posed a danger to most users, noting that any attack would have to be highly sophisticated and cost millions of dollars to develop. As a result, a cybercriminal would probably save it for use against a specific person.

Still, Citizen Lab, which is based at the University of Toronto, expressed concern about potential use of the exploit. It determined NSO used the vulnerability to remotely infect devices with its Pegasus spyware, adding the exploit has likely been in use since February. "We urge readers to immediately update all Apple devices," the group said.

Separately, Apple has faced blowback for a now-postponed feature set that's designed to detect if people have child exploitation images or videos stored on their device. The features were initially intended to be included in iOS 15, iPad OS 15, WatchOS 8 and MacOS Monterey.

The feature converts images into unique bits of code, known as hashes. The hashes are then checked against a database of known child exploitation content that's managed by the National Center for Missing and Exploited Children. If a certain number of matches are found, Apple gets an alert and can then choose to investigate. 

Security experts and digital privacy groups including the Electronic Frontier Foundation, Fight for the Future and Surveillance Technology Oversight Project (STOP), have decried the plan and held protests Monday ahead of the iPhone launch in front of about a dozen Apple stores.

In addition to amounting to corporate surveillance, the groups say the feature would create a backdoor into consumer devices that could be taken advantage of by authoritarian regimes and potentially put lives at risk.

Apple hasn't said when the feature will be released. On Sept. 3, It delayed the rollout to make improvements and address privacy concerns.

Apple's fall launch -- which was virtual again this year because of the COVID-19 pandemic -- tends to be the company's most important of the year. It's when the company announces new iPhones, which represent about half its revenue. Its lineup from 2020, the iPhone 12, offered 5G and the first major design revamp since 2017's iPhone X

CNET's Ian Sherr contributed to this report.