The iPhone Security Flaw That Apple Intentionally Creates

| Editorial

Apple includes certain convenience functions in iOS that make life better. Then, as a result, inventive users find workarounds that expose private information using special techniques. This is often labelled a "Security Flaw." Of course, it's nothing of the sort. But the bigger question is, what is Apple thinking?

____________________

For a long time, it seems to me, clever users have been cooking up schemes to bypass routinely expected iPhone security by exploiting what appears to be lax user practices that are created in the iOS Settings. What a slight sense of both dismay and mischievousness, these are called "security flaws" which in this day and age creates a highly clickable headline.

Of course, if you go on to read the article, it explains how if you had never opened the door in the first place, this security flaw would never happen. Typically, then as almost an apology, the way to reconfigure the Settings properly is explained.

Here's an example of this process: "Security Flaw in iOS 9.3.1 Allows Access to iPhone Photos and Contacts."

Now, to be clear, I can't blame websites for pointing out potential iPhone security problems. And every author struggles with article titles that are accurate but compelling. And so, upon reflection, I think the recurring problem is really caused by Apple.

Yes, Apple, I'm Looking at You

Apple is willing to spend millions of dollars fighting the FBI to protect our privacy. The company and FBI, together, just put us through six weeks of a national discussion about the importance of protecting our personal data.

And yet, the iOS product manager and his management continue to allow these settings that claim great convenience and then allow easily found backdoors. Worse, all these convenience settings just confuse the average user because it takes time and patience to understand the ramifications of each choice in the settings. Most users don't bother.

Typically, when I go to my iPhone to investigate these workarounds, I find that long ago, I had clamped down on such settings to take the most conservative approach. One may argue that I take security on my iPhone too seriously, but in light of all the fuss described above, that make no sense.

In other words, over the years, I've learned to use my iPhone in a very secure way, and that requires a mindful, minimalist approach.

So long as Apple continues to offer these crazy, lax, convenience settings, inventive people are going to keep finding backdoors into our iPhones. In my mind that's just as big a problem as the lax encryption and backdoor some government agencies insist that Apple implement more formally.

I would like to see Apple eliminate these so-called convenience features and better inform its customers that security is much more important than access to, say, Siri from the Lock Screen. In time, we'll all learn to live with and operate simpler, more easily understood, better secured iPhones.

Popular TMO Stories

Comments

Scott Gill

I think this article would be a lot more interesting if the author sighted examples of these many convenience features that purport to create lax security.  Otherwise it seems no different from any other media story that uses panic inspiring headlines in place of any real story?

adamC

Sorry I don’t support your supposition here. So you reckon it will be easy to create a feature in a system with bugs, think again.

Yes I support the writer of the comment above and this sort of article is very much in line with the click bait ones and I don’t expect this from you.

John Martellaro

April 6: Jeff Gamet wrote: “Apple addressed the issue quickly without requiring an iOS update.”

http://www.macobserver.com/tmo/article/apple-needs-to-rethink-its-convenience-over-security-philosophy

Thanks, Apple.

Jamie

Does he really need to site examples? It is all throughout modern operating systems with virtually every app asking for access to personal data. I think this is actually an excellent analysis, and I use my devices similarly.

pnielan

I would have preferred an article with examples.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account