Apple iOS 8 Reboots Privacy, SecurityStronger Encryption Offered, But HealthKit Delayed
Apple has announced a raft of privacy and information security changes tied to the Sept. 18 release of its new iOS 8 mobile operating system.
The changes include stronger encryption for more types of data stored on a device that runs iOS 8, the addition of two-factor authentication to iCloud backups, a greater focus on user education, as well as a promise from CEO Tim Cook that the company will be more transparent in how it handles user data.
At the same time, the company announced that the HealthKit repository for users' health and fitness data, which was set to debut with iOS 8, has been delayed after a bug was found.
The changes, which represent a major shift in Apple's approach to privacy, were announced in a statement released by Cook, who highlights the ways in which the company will - and will not - touch people's data. "We don't build a profile based on your e-mail content or web browsing habits to sell to advertisers," he says. "We don't 'monetize' the information you store on your iPhone or in iCloud. And we don't read your e-mail or your messages to get information to market to you."
Addressing privacy concerns in the post-Snowden era, Cook says that Apple has "never worked with any government agency from any country to create a backdoor in any of our products or services."
Apple has also promised to make it more difficult for third parties - be they law enforcement agencies or hackers - to access data being stored on the device. "Apple doesn't scan your communications, and we wouldn't be able to comply with a wiretap order even if we wanted to," the company says, because iMessage and FaceTime video messaging communications are "protected by end-to-end encryption" between devices.
With iOS8, Apple is also now encrypting all stored iMessage communications. But the company does warn that both iMessage and SMS messages get automatically backed up to iCloud, unless users purposefully disable that feature.
iOS 8 Increases Data Encryption
One of the biggest privacy improvements to iOS 8 is that many more types of personal information - not just iMessage messages - are stored encrypted by default, and thus require users to enter their passcode to decrypt the data.
"On devices running iOS 8, your personal data such as photos, messages - including attachments, e-mail, contacts, call history, iTunes content, notes and reminders is placed under the protection of your passcode," Apple says. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
The move to encrypt more data by default represents a major change. "This is a significantly pro-privacy - and courageous - posture Apple is taking with their devices, and while about seven years late, is more than welcome," says iOS forensics expert Jonathan Zdziarski in a blog post.
But he warns that third-party digital forensic tools can still access some types of data stored on a device. "It's important to take a minute ... to note that this does not mean that the police can't get to your data," Zdziarski says. "What Apple has done here is create for themselves plausible deniability in what they will do for law enforcement."
Existing commercial forensics tools can still dump 3rd party app data, camera reel, video, and recordings from iOS 8 http://t.co/fbgNrKN12Eï¿½ Jonathan Zdziarski (@JZdziarski) September 18, 2014
From a technical standpoint, however, accessing data from the aforementioned Apple apps, when a user employs a passcode, becomes much more difficult without a passcode. "What has likely happened in iOS 8 is that photos, messages, and other sensitive data, which was previously only encrypted with hardware-based keys, is now being encrypted with keys derived from a PIN or passcode," Zdziarski says. If that's the case, then the change would make it much more difficult for someone to brute-force hack a PIN code. But that only applies to Apple apps, because to date, no third-party apps are afforded the same protections.
iCloud Gets TFA
In the wake of the hack of celebrity photos, Apple this week also announced a major change to the way it secures iCloud. "Two-step verification, which we encourage all our customers to use, in addition to protecting your Apple ID account information, now also protects all of the data you store and keep up to date with iCloud," Cook says.
Securing iCloud backups with two-factor authentication addresses a vulnerability that was exploited by image hackers, who stole celebrities' Apple IDs and passwords, then used those credentials to download backups of their device that had been saved to iCloud. Hundreds of related images and videos from more than 25 celebrities were then released online.
In the wake of the attacks, Apple announced that it would begin notifying users whenever their account password changed, or someone restored one of their iCloud backups to a new device. But many security and privacy experts warned that these alerts would do nothing to prevent account hacking in the first place.
While the addition of two-factor authentication to iCloud backups is a welcome step, Zdziarski argues that Apple could still do more. "While Apple has done their part to improve the security of iCloud, less-than-savvy users can still screw it up," he says, because Apple two-factor authentication remains an opt-in service. "Apple should force users to have this feature on if they enable Photo Stream or iCloud Backups, as they are likely to keep sensitive content in the cloud without necessarily knowing it," he says.
Bug Delays HealthKit
In other iOS 8 news, Apple this week announced that it had found a code flaw in HealthKit, its new, centralized and secure repository for storing a user's health and fitness data that's a key component of the Apple Watch, which is due out next year. "We discovered a bug that prevents us from making HealthKit apps available on iOS 8 today," Apple says in a Sept. 17 statement. "We're working quickly to have the bug fixed in a software update and have HealthKit apps available by the end of the month."
Apple hasn't commented on the nature of the bug, and whether it involved any security or privacy concerns, for what the company has been pitching as one of the biggest new features in iOS 8. But until HealthKit debuts, expect new health and fitness apps designed to work with it to also be delayed.