There's another hidden consumer security issue in iOS 6. Prior to this release, your apps had access to your device's Unique Device IDentifier (UDID). They can, and frequently did, use the UDID to track users and sessions, as well as to collect marketing data about your usage. Apple wisely deprecated access to UDIDs recently, and they're now completely inaccessible to apps via the review process in the Apple App Store.
That's all to the good, but UDIDs have been replaced by a thing internally called "identifierForVendor." This identifier, which is unique per vendor, can be used similarly to UDIDs for tracking your activities, sessions, etc.
How is that an improvement? For one thing, each vendor identifier gets wiped when the device is wiped, so if you decide to sell your device, the new user won't get your same ID.
The nice part for consumers: You have the ability to restrict access to vendor identifiers. (Go to Settings --> General --> About --> Advertising and turn ON the "Limit Ad Tracking" toggle.)
On the other hand, security-minded users will like the new privacy settings available in iOS 6 that go well beyond location data. You can now enforce privacy settings for access to your contacts, calendar data, reminders and other things. Anytime an app requests access to these items, the user will be prompted to allow or forbid that access. The privacy settings are reached through Settings.
These are just a few things that we can do as consumers to make our iOS 6 devices a bit more secure. It's also worth spending some time stepping through all the system settings as well as settings for each app (including its notifications), of course.
Then dive into iOS 6 and enjoy the many enhancements that we now have to play with.
With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Deptartment of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.
Read more about security in Computerworld's Security Topic Center.