Exploring New Data Protection Features in iOS 16

Personal data security is a key focus for mobile OS developers, and Apple has turned privacy into a major selling point, dedicating an entire section to it on their website. In this article, we’ll discuss what’s new in privacy and security in the latest iOS 16, announced on September 7.

Safety Check

The Safety Check feature allows you to review or quickly reset privacy settings related to data access you’ve previously granted to people, apps, or devices.

What does this mean in practice? For example, if you once shared your location with someone who later abused your trust, that person could track your whereabouts with high accuracy. With some technical know-how, this could even enable full-scale surveillance. Safety Check lets you see who has such access and revoke it from anyone who no longer deserves your trust. You can read more about how to use this feature in Apple’s official documentation.

Apple positions Safety Check as a tool to help people in situations of domestic abuse, but its uses go beyond that. With this feature, you can reset access settings and system privacy permissions for apps (either all at once or individually). Previously, you’d have to dig through multiple menu items to revoke permissions for each app or reset all device settings, which was inconvenient.

Safety Check also lets you limit the reception of messages (SMS and iMessage) and FaceTime calls to a single device. It disables cloud functionality that allows you to see text messages and FaceTime calls not only on your iPhone but also on other Apple devices linked to your account, like an iPad or MacBook. While you could do this manually before, Safety Check brings all these options together in one place, allowing you to revoke permissions with just a couple of taps.

New Permission: Clipboard Access

Remember the fuss when iOS 14 introduced banners notifying you when an app read data from your clipboard? Many users found these banners annoying, and there was no way to disable them at the system level. In iOS 16, Apple finally addressed this: now, apps must request permission to access the clipboard.

Once you grant an app access to the clipboard, you won’t see the permission prompt again for that app. Interestingly, the permission request doesn’t appear if you manually paste from the clipboard by tapping “Paste” in the pop-up menu. The new feature only restricts background clipboard access—when apps try to access the clipboard without your direct action or consent. As of the beta versions, the feature seems a bit raw, but we’ll see how it works in the final release.

Protecting Hidden and Deleted Photos

The ability to hide photos has been around in iOS for a while. Previously, hidden photos were simply moved to a special album with an obvious name, and the same applied to deleted photos and videos. These albums disappeared from the main Photos feed but were easy to access by opening the corresponding folder.

This setup didn’t satisfy many users, as poorly hidden photos could be easily found if someone got hold of your iPhone, sometimes even leading to job loss. The App Store saw a boom in apps designed to hide or protect private photos and videos, but their convenience and security were often questionable.

Now, iOS 16 introduces a mechanism to protect private photos and videos from accidental viewing using standard system tools. In the new version, albums for hidden or deleted photos and videos are protected by default: accessing them requires authentication via Face ID, Touch ID, or your device passcode. You can disable this authentication in settings if you wish.

Security-Related Features

The features above focus on user privacy. Now, let’s look at new options designed to enhance device security or make existing security features more convenient.

Lockdown Mode

Perhaps the most interesting addition in iOS 16 is Lockdown Mode, a special mode designed to protect people whose public or professional activities put them at risk of targeted attacks.

To activate Lockdown Mode, you need to enable the setting and then restart your iPhone. The device will then operate in a special secure mode with certain functions restricted, including:

• All message attachments except images are blocked. Some features, like link previews, are also disabled.
• Some browser technologies, such as JavaScript JIT compilation, are disabled (except for sites you whitelist).
• Incoming calls, requests, and invitations from unknown contacts (whom you haven’t called before) are blocked.
• USB restricted mode is activated, preventing data transfer between the phone and a computer or accessory after the screen is locked.
• You cannot install configuration profiles or enroll the device in external MDM systems.

The restrictions are designed so the device remains usable. It’s likely that parents, rather than journalists or politicians, will use Lockdown Mode to protect their children. If you enable this mode on your child’s iPhone, remember to call your own number from the protected device, or you won’t be able to reach them.

Passkeys

Apple has introduced a new online authentication method intended to replace usernames and passwords. When you register on a site that supports this technology, a pair of asymmetric encryption keys is created: the public key is stored on the site, and the private key is stored in your device’s keychain (iPhone, iPad, or Mac). Private keys are synced via iCloud Keychain and protected with end-to-end encryption.

When you try to log in, the site generates a message encrypted with your public key. Only you, as the holder of the private key (stored on your iPhone), can decrypt it. After decrypting, your smartphone sends a response signed with the private key, and the site verifies your digital signature using the public key. This process is simple, transparent, and follows classic asymmetric cryptography principles.

Logging in to sites using this technology will be seamless if you use one of your Apple devices. If you want to log in from another device (like a Windows PC), you’ll need to scan a QR code with your iPhone and unlock your device to confirm your identity.

Apple expects this system to gain popularity over time. They’ve already partnered with companies like eBay, PayPal, Microsoft, NVIDIA, Best Buy, Cloudflare, and Carnival. The list will likely expand, especially in the US, where every other smartphone is an iPhone.

Rapid Security Response

This feature, described briefly on Apple’s website, allows for the installation of interim system updates, similar to the monthly security patches on Android.

Face ID in Landscape Mode

On iPhone 13 and 14, Face ID can now be used in both portrait and landscape orientations. Previously, iOS 15.4 introduced Face ID support for users wearing medical masks, and iOS 14.5 added the ability to unlock your iPhone with an Apple Watch if Face ID detected a mask. Both features were introduced in interim system updates, even though they were announced earlier.

iOS 14 and 15: What We Missed

Apple doesn’t always roll out features immediately after announcing a new iOS version. For example, the App Privacy Report appeared only in iOS 15.2, even though it was announced with iOS 15. The report shows information about permissions granted to apps, how they use them, and when they last accessed them. For example, you can see which apps requested your location and when.

Earlier, in iOS 14.5, Apple introduced App Tracking Transparency, requiring apps to ask for user consent before linking them to a unique Advertising ID, which allows tracking across websites and apps. Previously, apps had default access to this ID, but starting with iOS 14.5, users must explicitly agree to tracking. Surprisingly for ad SDK developers, only 4% of users gave such consent.

Why is this important? While advertising IDs are supposed to be anonymous, recent investigations revealed that US police and government agencies have used data from services like Fog Reveal to access the location history of over 250 million devices, often without proper legal procedures. Fog Reveal purchased this data from ad mediators, who in turn acquired it from owners of advertising SDKs embedded in popular apps. While the data is technically anonymous, authorities have shown that it’s possible to identify device owners with enough analysis.

In practice, police have had no trouble identifying smartphone owners based on this “anonymous” data. For more on how this is done, see articles on call detail records and law enforcement techniques.

Conclusion

When I started working on this article, little was known about privacy and security features in iOS 16. Over time, more details emerged, forming a complete picture. There are surprisingly many new features, though technical details remain scarce. Hopefully, this article helps you understand which new iOS 16 features might be useful for you.