How secure and privacy-oriented is iOS?

It’s a question that I’m often asked by friends, colleagues and clients.

The answer is not simple. In a nutshell: if you stay in the Apple ecosystem, security is guaranteed, but you may lose control of your data privacy. In contrast, if you jailbreak your device, you earn back privacy control, but you may break device security.

So, to go deeper into this topic, I will quote some highlights from a paper [1] found on GitHub:

  1. iOS subliminally and constantly collects sensitive data, links it to hardware identifiers almost guaranteed to link to a real identity
  2. iOS forces users to “activate” devices (including non-cellular) which sets up a remote UUID-linked (also collecting registration IP) database for a given device with Apple for APNS/iMessage/FaceTime/Siri, and then Apple ID, iCloud etc. Apple ought to be open to users about “activation” and allow users to avoid it.
  3. Apple Activation servers are accessed via Akamai, which means sensitive data may be cached by Akamai and its peering partners, which include many global ISPs and IXPs
  4. Risk that macOS could be iOS-ified in the near future in the name of “security” while ignoring significant flaws in iOS’ design wrt privacy, forcing users to unnecessarily trust Apple with potentially sensitive data in order to even simply use devices.
  5. Controversial, draconian surveillance laws being implemented worldwide which could take advantage of Apple’s data collection and OS design choices, notably in, but not limited to, China, one of Apple’s largest markets.
  6. If iOS is to really be considered a secure OS, and if vanilla macOS is to become more secure, independent end-user control must be considered. Increased low-level design security at the cost of control, and the ability to prevent leaking data, cannot be considered a real improvement in security.

I suggest reading the whole paper [1]; it is very useful.


References

  1. iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment
