To protect users’ privacy, iOS 12.2 will limit Web apps’ access to iPhone’s sensors

  News
image_pdfimage_print
A woman uses a smartphone to take a photo.
Enlarge / A user tries out features in ARKit.

The beta for iOS 12.2 contains a change to mobile Safari that could have implications for the advertising and marketing worlds, as well as for Web-based augmented or virtual reality more generally.

In the beta, a toggle labeled “Motion & Orientation Access” exists in the Safari privacy settings panel. This toggle determines whether sites visited in the mobile Safari browser will be able to access the iPhone, iPod touch, or iPad’s gyroscope or accelerometer. This setting currently defaults to “off,” which means users would have to have the foresight to navigate to the Settings app and enable it before being able to use AR experiences from the Web.

Two Apple employees on Twitter elaborated on the change. Apple software engineer Ricky Mondello wrote in a tweet thread recounting the various notes in the Safari 12.1 release for iOS:

Safari 12.1 (iOS): “Added Motion & Orientation settings on iOS to enable the DeviceMotionEvent and DeviceOrientationEvent events.”

This is disabled by default.

The wording in quotes from his tweet can be found in the official release notes on Apple’s website. And John Wilander, a WebKit security and privacy engineer at Apple, wrote in response to a tweet noting the change:

We asked for the ability to gate the feature with a user permission, for privacy reasons. Apparently the answer was no. That leaves no option but to turn it off by default for browsers that care about this kind of privacy.

However, when a Digiday reporter reached out to Wilander on Twitter for confirmation and clarification, he deferred to Apple PR, which has not yet provided a statement.

It’s important to note that these discussions refer to projects in progress within Apple, and the company’s approach or plans may change in the future. Apple could decide to change the default setting to “on,” or the company could later add permission prompts within the browser to enable it for lower friction.

The addition may have been made in response to a Wired article that revealed many Web apps had access to device’s motion data without users’ knowledge.

Advertisers and marketers are cited in an article on the subject on Digiday saying they are concerned that because most users will not think to enable access, this decision will cause insurmountable friction for future AR-based marketing activations. There have been several such activations for major film releases and the like, though these sorts of activations often have very low actual engagement. They are usually intended more to gain positive headline coverage from the tech and advertising press than to actually make a major dent amongst consumers.

This is far from the first time Apple has frustrated advertisers with privacy-oriented changes in Safari. But Apple has generally been bullish on the potential of augmented reality, making it a major focus in mobile hardware and software over the past couple of years. Further, reports in Bloomberg and other publications have repeatedly described a large team working within Apple on an AR glasses consumer product that could launch as soon as 2020.

Today, Bloomberg reported that that project’s lead executive has left the company, but there has nevertheless been no indication that the company has stopped working on the product. Apple still employs a large and growing AR-focused workforce.

https://arstechnica.com/?p=1451055