You’ve probably noticed that there are more dialogues to click and hoops to jump through lately on Mac and iOS devices. Here are a couple specific features and why they exist.

Share story

If you noticed Apple in the news recently, it was most likely related to one of several security and privacy topics.

The highest profile of these was a bug discovered in group FaceTime calling, which could allow the person making a call to immediately hear audio from a recipient before that person had accepted the call. Apple disabled the group FaceTime feature on its servers, nullifying the bug, and a software update (iOS 12.1.4) that fixes the bug and re-enables group FaceTime was released Thursday.

But that’s just one example. Apple, Facebook and Google have engaged in a low-key tussle for months over privacy. Apple CEO Tim Cook has been advocating the importance of personal privacy. While Apple largely makes its money selling hardware, social-media companies make most of their profits from advertising and using their customers’ information.

That’s a high-level view, so in this column I want to get more specific and practical about privacy on the Mac and iOS devices. You’ve probably noticed that there are more dialogues to click and hoops to jump through lately. Let’s look at a couple specific features and why they exist.

More Practical Mac columns

Read more from Practical Mac writer Jeff Carlson here.

The Secure Enclave. Privacy has several components, starting with securing the information in your devices. All iPhones, iPads and Macs require some kind of pass code to access their data, which is more than just a locked door.

Under iOS, the pass code is used to encrypt all the data on the device, so even if someone nefarious gets hold of your iPhone, for example, they can’t read the raw data from the storage memory.

It also enables you to easily wipe the data. With Find My iPhone (or iPad) turned on in the iCloud settings, you can remotely erase all the information on the device if you suspect it’s been lost or stolen. Instead of zeroing out all the data in memory, iOS needs to throw out only the encryption key, making all the data unintelligible.

A typical six-digit pass code provides the foundation of access to the device, though today’s phones and tablets supplement that with biometric data: either fingerprint recognition built into the Home button (Touch ID) or facial recognition used by the iPhone X and XS series and the latest iPad Pro models (Face ID). Both access methods are usually faster than entering a pass code — after using Face ID for the last year and a half, I’m completely spoiled and get annoyed if I have to punch in my six-digit code.

This security goes a level deeper. Apple incorporates a special chip called the Secure Enclave where the core ID data is stored. Not only is that data encrypted, it’s protected from access by apps and iOS itself. The identifying information is also not transmitted to Apple or stored on any cloud servers. In fact, data in the Secure Enclave isn’t accessible by Apple itself.

The MacBook Pro with TouchBar and latest MacBook Air models also include Touch ID and the Secure Enclave. In addition to storing pass code data, it’s used to secure Apple Pay transactions, iMessage messages and FaceTime calls.

An optional but recommended feature in macOS is FileVault, which encrypts all the data on your Mac’s startup drive, just like iOS devices. This feature is a good privacy protector if your computer is lost or stolen.

However, keep in mind that FileVault encrypts only the startup disk. You can encrypt a Time Machine disk in the Time Machine preference pane, so even if someone were to nab your backup, the data would still be inaccessible.

Full Disk Access and Accessibility permissions. The macOS Mojave instituted a setting in the Security & Privacy preference pane that requires you to manually grant permission for applications to access features that are normally off-limits. This layer of security prevents malicious apps from getting into sensitive areas, such as running low-level OS commands.

For example, the utility SuperDuper makes a duplicate of your hard disk that can start up the computer if necessary. To pull that off, SuperDuper needs to copy file permissions and other settings that are normally off-limits. So, when you install the application, you’re asked to add SuperDuper to the Full Disk Access panel in the Security & Privacy settings, which requires that you manually unlock the options using your Mac’s administrative password. Some apps require permission in the Accessibility panel, which involves a similar approval process.

Obviously, make sure you grant this power only to applications you know and trust. Doing so does involve a small amount of manual work on your part, but the benefits are worth it.

Jeff Carlson writes the Practical Mac column for Personal Technology and about technology in general for The Seattle Times and other publications. Send questions to More Practical Mac columns at