Information security has never been a more sensitive subject than it is these days, so it's little surprise that allegations from a security researcher that iOS contains a "backdoor" permitting access to users' information provoked a strong response from Apple.
Those accusations came from security researcher Jonathan Zdziarski, who was presenting at the Hackers on Planet Earth conference earlier this week. In his talk, "Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices," Zdziarski claimed to have found systems within iOS that could be used to access users' information, including photos, address-book information, voicemail messages, and more.
As troubling as that might be, there are some caveats. For one thing, in order for this information to be accessible, your iOS device needs to be connected to a computer. However, since the advent of iOS 7, you need to explicitly tell that device to trust a computer when you first hook it up — meaning that a malicious party who wants to get at your information would need either physical access to your iOS device or control of a compromised computer with which you've already established that trust. That said, Zdziarski reports that at least some of these systems bypass the encryption on your iOS device backups, which ought to give anybody pause.
Apple, as you might expect, did not take these allegations lying down.
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," an Apple spokesperson told Macworld. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent."
The company also reiterated its stance that it doesn't compromise its systems for the purpose of providing those access points to the authorities: "As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."
While such statements may be intended to assuage fears over the privacy implications of these systems, they're hard to classify as categorical denials in this case. For one thing, Apple hasn't yet explained why anybody needs the breadth of information that these tools seem to provide access to, nor why these services, if indeed for diagnostic use, are not presented for users to opt into. In the case of enterprise environments where devices are provided by a company, users are generally made aware of the access that IT departments have to their devices. But when we're talking about the general public, no such warning is given — nor should it be needed.