Unpacking iOS 18’s New Privacy Features – A Digital Forensics Perspective

HaystackID - Unpacking iOS 18’s New Privacy Features – A Digital Forensics Perspective
Image: HaystackID Team with AI.

[EDRM Editor’s Note: This article was first published here on July 8, 2024, and EDRM is grateful to Trusted Partner HaystackID for permission to republish.]


HaystackID Logo

HaystackID Editor’s Note: This article, authored by John Wilson, Chief Information Security Officer and President of Forensics at HaystackID, examines the implications of iOS 18’s new privacy features for digital forensics and offers practical strategies for digital forensic experts to handle these new challenges. Wilson is a strategic, results-oriented leader with over 20 years of experience in information security and risk management. He excels in building robust security governance, policies, and INFOSEC teams, providing expert leadership, and assisting diverse organizations in developing enterprise-level information security programs that balance strong security practices with business needs. Wilson and his team developed HaystackID’s Mobile Elite Discovery and Analysis Lab (MEDAL) Suite, which equips legal teams with the tools for swift remote triage, targeted data extraction, and efficient review processes for mobile data.


With every iOS update, Apple continues to tighten its grip on user privacy. The newly introduced iOS 18 is no different, bringing a suite of privacy features that are bound to make our lives as digital forensic experts a tad more challenging. Keep in mind, this is a beta release, we do not know what the final released version will look like and what the true impact of these changes may be. Let us dive into these features, understand their implications, and explore how we might navigate these new hurdles.

With every iOS update, Apple continues to tighten its grip on user privacy. The newly introduced iOS 18 is no different, bringing a suite of privacy features that are bound to make our lives as digital forensic experts a tad more challenging.

John Wilson, Chief Information Security Officer and President of Forensics at HaystackID.

Locked and Hidden Apps: The New Fort Knox

What’s New: iOS 18 allows users to lock or hide any app on their device. Locked apps require Face ID, Touch ID, or a passcode to access, even when the iPhone is unlocked. Hidden apps are removed from the home screen and placed in a hidden folder that also requires authentication to access.

Forensics Impact: This feature could significantly hinder our ability to access certain apps and their data. While locked apps are not new, the combination with hidden apps adds an extra layer of difficulty. Traditional methods might not suffice, necessitating advanced techniques or obtaining the necessary authentication credentials through legal channels.

Improved Contacts Permission: A New Layer of Privacy

What’s New: Users can now selectively share contacts with apps instead of granting access to their entire contact list. This granular control over contact sharing limits the amount of contact information available to forensic investigators when examining app data.

Forensics Impact: Selective sharing means we might only get a partial view of contact interactions, making it harder to piece together comprehensive communication patterns. We need to adapt by focusing on other sources of contact data, such as call logs and messaging apps.

Read the rest of the article here.


About HaystackID®

HaystackID solves complex data challenges related to legal, compliance, regulatory, and cyber events. Core offerings include Global Advisory, Data Discovery Intelligence, HaystackID Core® Platform, and AI-enhanced Global Managed Review powered by its proprietary platform, ReviewRight®. Repeatedly recognized as one of the world’s most trusted legal industry providers by prestigious publishers such as Chambers, Gartner, IDC, and Legaltech News, HaystackID implements innovative cyber discovery, enterprise solutions, and legal and compliance offerings to leading companies and legal practices around the world. HaystackID offers highly curated and customized offerings while prioritizing security, privacy, and integrity. For more information about how HaystackID can help solve unique legal enterprise needs, please visit HaystackID.com.

Assisted by GAI and LLM Technologies per EDRM GAI and LLM Policy.

Author

  • John Wilson Headshot

    John provides expertise and expert witness services to help companies address various matters related to digital forensics and eDiscovery, including leading investigations, ensuring proper preservation of evidence items and chain of custody. He develops processes, creates workflows, leads implementation projects as well as GDPR data mapping services. John is a certified forensics examiner, licensed private investigator, and information technology veteran. As a computer forensics expert, he has testified as an expert witness in numerous local, state, federal, and international courts. His clients have included the Federal Deposit Insurance Corporation, individual Senate Oversight Committees, the U.S. Securities and Exchange Commission, and the Department of Justice.

    View all posts