Apple beefs up Intelligent Tracking Prevention and Safari security in iOS 13.4

Nav Bar
Nav Bar (Image credit: iMore)

What you need to know

  • Yesterday, Apple released iOS 13.4 to the public.
  • It brought with it new security and privacy features for Safari on both iOS and Mac.
  • Apple now blocks all third-party cookies by default.

Apple released iOS 13.4 to the public yesterday, and with it a swathe of new privacy and security features to better protect the privacy of its users whilst browsing.

The new release comes with several improvements to Apple's Intelligent Tracking Prevention features and also Safari on macOS. Apple's John Wilander described the changes in a blog post:

Cookies for cross-site resources are now blocked by default across the board. This is a significant improvement for privacy since it removes any sense of exceptions or "a little bit of cross-site tracking is allowed."It might seem like a bigger change than it is. But we've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari. To keep supporting cross-site integration, we shipped the Storage Access API two years ago to provide the means for authenticated embeds to get cookie access with mandatory user control. It is going through the standards process in the W3C Privacy Community Group right now.

In a tweeted summary of the changes Wilander said:

This update takes several important steps to fight cross-site tracking and make it more safe to browse the web. First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap... Second, full third-party cookie blocking removes statefulness in cookie blocking. There were many who raised concerns over ITP's future back in January. Hopefully, they'll now help spread the message that ITP is not only OK, it's leading the way.

See more

Full third-party cookie blocking also full disables login fingerprinting, which would be used to track which websites you're logged into and use it as a fingerprint. Wilander says Apple's new updates have also solved "cross-site request forgeries" and that all script-writeable storage will now expire after seven days as client-side cookies do.

You can read John Wilander's full blog post regarding the latest security updates to iOS and Safari on the Mac here!

Stephen Warwick
News Editor

Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.

Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9