WidgetKit security
WidgetKit is the framework developers use to offer widgets and watch complications. Both may show sensitive information and can be highly visible, especially on devices with an Always On display.
In iOS, users can configure whether to show sensitive data on the Lock Screen and while in Always On. In Settings, they can deactivate data access for Lock Screen widgets in the “Allow Access When Locked” section of Settings > Face ID & Passcode.
On Apple Watch, users can configure whether to show sensitive data during Always On by choosing Settings > Display & Brightness > Always On > Hide Sensitive Complications. They can also choose to show redacted content for all or individual complications.
If a user chooses to hide content they consider private, WidgetKit renders a placeholder for redactions. To configure redactions, a developer must:
1. Implement the redacted(reason:) callback.
2. Read out the privacy property.
3. Provide custom placeholder views.
Developers can also render a view as unredacted with the unredacted() view modifier.
As an alternative to marking individual views as privacy sensitive, for example, if an entire widget content is privacy sensitive, the developer can add the Data Protection capability to a widget extension. Until a user unlocks their device to match the privacy level selected, WidgetKit displays placeholders instead of the widget content. The developer must enable the Data Protection capability for the widget extension in Xcode and then set the Data Protection entitlement to the value that fits the level of privacy they want to offer:
NSFileProtectionCompleteNSFileProtectionCompleteUnlessOpen
WidgetKit hides these widgets’ content when the device is passcode locked and displays a placeholder until a user authenticates after they restart their device. Additionally, these iOS widgets arenʼt available as iPhone widgets on Mac.