iservice
Apple

Understanding Apple’s Security Ecosystem

Recently, WhatsApp has added end-to-end encryption, and announced it with a yellow pop-up message, which all of us are familiar with. End-to-end encryption is a technical method used to ensure that messages can’t be intercepted. The change has been made at the time where there is a sudden importance for privacy and security.

SOURCE

 

This change has been brought out because of the recent FBI vs Apple issue that has thrown light on the need for a strong security system. In the light of events, we believe that there is a need to understand Apple’s security ecosystem.

Since 2010, Apple has been one of the most valuable companies in the world. The reason Apple is valued so much is because the company makes popular products with generous margins. From the first Apple computer to the iWatch, it has created a strong place for itself, globally.

This unprecedented growth over the past decade is largely due to the iPhone and iPad. These days, iPhone accounts for 69% of the Apple’s revenue and Apple is stronger in the enterprise than it has ever been. Both these devices were perceived as being better in quality and design than competing products.

 

Apple’s Ecosystem

Sales aside, Apple’s biggest strength is its ecosystem. Apple has spent billions and building the App and the iTunes stores, as well as its cloud storage service, iCloud. iCloud allows users to back up their devices to Apple’s data centers. With some initial hiccups, users can now see to that their contacts and calendars seamlessly sync between all their devices just by logging in with an Apple ID.

SOURCE

 Apple maintains tight control over the entire ecosystem, from the hardware and OS to screening the apps and accessories.

Apple’s security ecosystem has been designed so that both the software and hardware are secure across all core components of every iOS device. This includes the boot up process, the software updates and secure enclave. This strong integration of hardware and software on iOS devices ensures that each component of the system is trusted and validates the system as a whole.

Apple regularly releases software updates to address emerging security concerns and also provide new features. Of course, these updates are provided for all supported devices simultaneously. Apple has understood that on mobile devices, speed and power efficiency are critical. Hence, Apple has an integrated and secure software and hardware that are the platform for iPhone, iPad and iTouch.

It also has an architecture and design that protects user data if the device is stolen or lost or if an unauthorized person tries to modify it. Apple has device controls methods that prevent unauthorized use of the device and enable it to be remotely wiped if lost or stolen.

 

FBI vs Apple

SOURCE

In December 2015, 14 people were killed and 22 were seriously injured in terrorist attack in San Bernardino, California. The FBI wanted Apple to create a new software that would enable the FBI to unlock a work-issued iPhone 5c, that they recovered from one of the shooters from the attacks in December. The work phone was intact but was locked by a 4 digit passcode and was set to eliminate all details after ten failed attempts to unlock it.

Apple declined because of its policy to never to never undermine the security features of its products and a hearing was scheduled for March 22. A day before the hearing was supposed to happen, the government obtained a delay, saying that they had found a third party able to assist in unlocking the iPhone and eventually, the FBI announced that they were able to unlock the iPhone and withdrew its request.

 

The Dilemma

Cyber security is a huge public safety concern. The FBI was confronted with its dilemma of gathering evidence in a terrorism case. On the other hand, Apple was considering the strategic implications of a world in which strong encryption is ubiquitous but only available to bad actors and not consumers of American products.

Some would argue that building a backdoor for just one iPhone is the ideal solution. But some say, that would be ignoring the basics of digital securities. The debate shall always continue and to reach a conclusion as to which side is correct is tough.

About the author

Payel