General Lockdown Mode thoughts

I’ve been on Lockdown Mode since its introduction, and I have some general thoughts on the experience and where it could go.

  1. I noticed that I gravitate towards Safari as my default while on LM. On mobile because it appears to be the only browser that you can disable LM on a per-site basis. On desktop it’s almost the opposite, in that LM doesn’t appear to do jack with other browsers (I don’t notice any web font blocking, etc), so I feel the need to use Safari to guarantee the extra hardening.

  2. I would like to read a paper on the methodology used to determine their choices in designing LM. Many of the things disabled seem to be very low risk (e.g. web fonts) while other, more common risks aren’t addressed at all (e.g. attachments). I get there needs to be a balance of security and usability (especially since it’s Apple) but I would prefer some level of transparency.

  3. What I want from future iterations of Lockdown Mode are “pro mode” items. If I’m an advanced enough user to use Lockdown Mode, then I also want:

  • the option to fully turn off Wifi & BT in Control Center, not just disable them
  • the option to not have any EXIF data in photos, not just geolocation removed upon sharing
  • per-site JS toggling, like the toggle they have for LM under site settings

and so on. If I’m here and I’m comfortable, I would also like granular controls that might better suit my threat model.

2 Likes

I don’t know if this helps or not, but you can create a Shortcut on iOS to turn BT/Wifi off completely. You can’t add this to Control Center, but you can add it to the Home Screen.

You can also create a shortcut to share a photo with metadata stripped.

1 Like

Sure he can, but it’s much faster to do it within Control Center.

He can do this too, but why include photo metadata in the first place when in Lockdown Mode?

1 Like

I knew about the WiFi/BT shortcut, but not the EXIF one. That’s very helpful.

I’m coming from The OS That Shall Not Be Named (cough GrapheneOS) and it has excellent defaults. I didn’t need to use Scrambled EXIF or something similar because the default camera saved no metadata.

I guess if I wanted to be treated like an adult, maybe iOS was a bad choice?

1 Like

Though I’ve never used iOS, I heard that Shortcuts is a very powerful app from Apple; you can do pretty much anything.

1 Like

For your number 1, I have moved completely to Safari for almost everything. Also added Wipr for ad blocking and iVerify on iOS for forcing HTTPS-only connections. I still keep an updated Firefox browser on my MacBook if I ever want to disassociate web activity from Safari.

For your number 2, what seems dangerous can be in the eye of the beholder. Malicious web fonts have been a favorite of one- and zero-click malware threat actors like NSO and the Chinese intelligence service. The latter often poison seemingly legitimate websites focused on human rights with malicious web fonts used to deploy advanced spyware on iOS.

As for attachments not being blocked, I assume you mean in email? iMessage blocks most attachment formats including common image file types and all PDFs. For email I use Protonmail and have all automatic downloads/remote content turned off for all emails. Similar settings exist for Apple Mail.

But you are right that there are additional low-hanging fruit Apple can do to harden Lockdown Mode or at least offer additional hardening options for users who want them. I suspect they will do exactly that, as they have promised to continue updating Lockdown Mode and have delivered some improvements in the short time it has been around. Considering how few people utilize Lockdown Mode, I think the fact they focus on it, offer it to anyone that wants it, and have a proven track record of blocking state-level malware reflects very well on Apple’s security team.

2 Likes

I have been a shortcut ‘developer’ (I use that in air quotes because although the stuff I am doing is complex with hundreds of actions, it is only block code…) for three years now. Although it is powerful and the automations are genuinely useful (I would love something similar for Android), there are so many artificial limitations, and annoying workarounds are constantly needed to do anything below surface level.

One of the best things about Shortcuts is its approachability. Because of the simple block code, almost anyone can create automations without coding knowledge. However, this is also a huge crutch of Shortcuts, as it makes doing anything slightly advanced require large amounts of time, effort, and actions when in a language such as Java or Python, they would be rudimentary and achieved in a couple of lines. For example, in order to run a shortcut every 5 minutes, I would have to set up an automation for every time manually, which would take ages. (E.g.: 1:00, 1:05, 1:10, 1:15…)

There are also artificial limits to shortcuts, such as the slowing down of loops after a couple of repeats. You also heavily have to rely on Apple providing a method (usually in the form of an action) to do the thing you want. If they don’t, you’re left relying on finding a third party solution.

However, Apple is improving the app, and things like running automations without notifications are steps in the right direction. I hope they continue to support it and build on the features, as it is still a very useful tool in an otherwise locked down operating system.

1 Like

It took me ages to work out how to disable wifi/bt based on entering a location. I understand they are trying to protect against abuse, I just wish there was a way to say “it’s really me, and I know what I’m doing”.

1 Like