iOS 9: Just How Secure Is Apple’s New OS?
Apple’s new iOS 9 operating system for the iPhone and iPad brings an assortment of new and exciting features. The new software also brings a few small but notable compromises when it comes to the operating system’s priorities regarding your privacy and security — even as Apple works to overhaul how it approaches privacy and how it keeps users informed on how their data is handled.
Russell Brandom reports for The Verge that when Apple first unveiled iOS 9 this summer, one of the biggest selling points of the new operating system was a smarter Siri. With iOS 9, Siri is more deeply integrated into apps and services, pulls more data from a wider variety of sources, and offers you recommendations before you even ask for something.
But researchers have discovered a drawback to Siri’s new intelligence. iOS 9 enables users to access Siri from the lock screen. If you know how to manipulate that access, you can use it to add contacts or to access the photos that are stored on the device. While the vulnerability is unlikely to exploited widely, some critics are speculating that police could use it to inspect a suspect’s phone, even without knowing the passcode that locks it.
Fixing the vulnerability is simple; you can disable Siri access on the lock screen in the Touch ID & Passcode section of the Settings app. Unfortunately, as Brandom notes, most users won’t bother to change the default, if they find out about the vulnerability at all. That means that the iPhone’s lock screen protections just got a little bit weaker.
The lock screen vulnerability isn’t the only iOS 9 feature that should give security-minded users pause. For instance, the operating system is “promiscuous” when it comes to desktop tethering. An unlocked iPhone can tether to a computer with a single click, no password necessary, which enables the computer to copy emails, photos, and texts whenever the phone is connected, even if it’s locked.
Neither the lock screen vulnerability nor the tethering practice is particularly scary on its own. But as Brandom reports, their appearance in iOS 9 reveals an uglier truth about Apple and the priority it supposedly places on users’ privacy and security. While the company champions better forms of encryption and responsible handling of user data — and security experts find a lot to like with Apple’s software — Cupertino sometimes opts to trade security for convenience. That’s unsettling for users who thought that Apple left such practices behind with the Celebgate leaks, which were enabled by an overly cooperative iCloud systems.
While iOS 9 still offers some features that prioritize convenience over security, Apple is taking important steps to keep users informed about how its software handles their data, and how they can make their devices more secure. Matthew Panzarino reports for TechCrunch that Apple recently updated its privacy site, adding new information about iOS 9, the latest version of OS X, and the wide array of services and features offered to users. The section on how to “manage your privacy,” in particular, offers clear explanations of what you can do to improve your security, (use a complex passcode, enable TouchID, turn on Find My iPhone, and control the data you’re sharing with apps and ad exchanges, for starters).
Panzarino points out that privacy is something that everyone should care about, but studies continue to indicate that people either aren’t aware of the compromises they make or unaware of the implications of their choices. By expanding its privacy page and presenting information in clear language and with supporting data, Apple is making it easier for users to understand how the company is protecting their information.
Looking through Apple’s explanations of how iOS 9 handles users’ privacy, it’s clear that any information that helps users understand what happens to their data is good information to circulate. But it’s also important for users to know that if they choose to use a modern smartphone, and all of the cloud-dependent software it needs to function, there’s likely no such thing as a completely secure device. While it’s safer to entrust your data to Apple than to many other companies, a phone that’s easy to use will likely always make a few security compromises. Users just need to be aware of the compromises that Apple’s made, and decide which compromises they’re willing to make and which they’d rather opt out of by turning off features or changing default settings.