When websites started showing how to use Siri on locked iPhones to access photos and contacts, some people called it a Siri security flaw, while others called it a poorly thought-out feature. Either way, Apple addressed the issue quickly without requiring an iOS update. The problem is that the incident underscores Apple's tendency to favor convenience over security.
Apple often sacrifices security for convenience
It turns out you could access photos and contacts by asking Siri from the lock screen to search Twitter for domain names like "apple.com," and then using the responses to view an iPhone's contacts and photos. There wasn't any need to enter the device's passcode, which was convenient, but wasn't a smart security move.
TMO's John Martellaro summed up the situation nicely, saying:
Apple is willing to spend millions of dollars fighting the FBI to protect our privacy. The company and FBI, together, just put us through six weeks of a national discussion about the importance of protecting our personal data. And yet, the iOS product manager and his management continue to allow these settings that claim great convenience and then allow easily found backdoors.
After demonstration videos hit the web, Apple quickly added a passcode requirement to the process. Since the fix was for Siri, Apple was able to make the change on its own servers instead of pushing a new iOS update out to users.
Apple's quick response was great, and making the fix on the back end, so to speak, was convenient for users—especially those who might not understand the ramifications of not requiring a passcode for certain lock screen actions.
The situation underscores, however, a choice Apple often makes with its products: convenience over security. It's always a balancing act to find an acceptable level of security without becoming too inconvenient, and since that's a subjective point, there isn't any way for Apple to find a solution that's perfect for everyone.
Still, providing an unprotected opening into your iPhone's contact list and photos didn't feel like a decision in line with Apple's strong push to protect our privacy—especially in light of the company's recent fight with the FBI over a court order calling for Apple's engineers to create a hackable version of iOS.
At least Apple responded quickly after videos showing how easy it was to access contacts from a locked iPhone hit the web. Hopefully Apple will learn from these incidents and start thinking more critically about when it's appropriate to favor convenience over security and privacy.