John Wilson, HaystackID: Unpacking iOS 18’s New Privacy Features – A Digital Forensics Perspective

HaystackID

Extract from John Wilson’s article “Unpacking iOS 18’s New Privacy Features – A Digital Forensics Perspective”

With every iOS update, Apple continues to tighten its grip on user privacy. The newly introduced iOS 18 is no different, bringing a suite of privacy features that are bound to make our lives as digital forensic experts a tad more challenging. Keep in mind, this is a beta release, we do not know what the final released version will look like and what the true impact of these changes may be. Let us dive into these features, understand their implications, and explore how we might navigate these new hurdles.

Locked and Hidden Apps: The New Fort Knox

What’s New: iOS 18 allows users to lock or hide any app on their device. Locked apps require Face ID, Touch ID, or a passcode to access, even when the iPhone is unlocked. Hidden apps are removed from the home screen and placed in a hidden folder that also requires authentication to access.

Forensics Impact: This feature could significantly hinder our ability to access certain apps and their data. While locked apps are not new, the combination with hidden apps adds an extra layer of difficulty. Traditional methods might not suffice, necessitating advanced techniques or obtaining the necessary authentication credentials through legal channels.

Improved Contacts Permission: A New Layer of Privacy

What’s New: Users can now selectively share contacts with apps instead of granting access to their entire contact list. This granular control over contact sharing limits the amount of contact information available to forensic investigators when examining app data.

Forensics Impact: Selective sharing means we might only get a partial view of contact interactions, making it harder to piece together comprehensive communication patterns. We need to adapt by focusing on other sources of contact data, such as call logs and messaging apps.

Read more here

ACEDS