The document discusses code signing, sandboxing, entitlement features, address space layout randomization (ASLR), and other security features built into iOS products.
“This document provides details about how security technology and features are implemented within the iOS platform. It also outlines key elements that organizations should understand when evaluating or deploying iOS devices on their networks”, Apple explained.
The key iOS security elements include the system architecture – secure platform and hardware foundations of iPhone, iPad, and iPod touch; encryption and data protection – architecture and design that protects the user’s data when the device is lost or stolen, or when an unauthorized person attempts to use or modify it; network security – industry-standard networking protocols that provide secure authentication and encryption of data in transmission; and device access – methods that prevent unauthorized use of the device and enable it to be remotely wiped if lost or stolen.
Commenting on the document’s release, Paul Henry, security and forensic analyst with Lumension, told Infosecurity that this appears to be the “first step by Apple in addressing security concerns of the enterprise marketplace.”
Apple has traditionally “stuck their heads in the sand” when it comes to security – “security by obscurity” – Henry opined. “Hopefully this is the start of something much larger with Apple”, he added.
The release of the iOS security document is likely a response to the popularity of the latest iOS jailbreak kit, noted Henry. The site hosting the Absinthe 2 jailbreak estimated that over 1.2 million Apple devices had been jailbroken in just a couple of days.
“Part of it is the massive number of people who rooted their i-devices in the last week when yet another rootkit-enabling tool came out on the web”, Henry said. The Apple document is a way for the company to say, “rooting your iPhone is not a good idea and here’s why”, he added.
Henry said that Apple’s issuing of the iOS security document is also likely a response to growing concerns about the bring your own device (BYOD) trend in the workplace.
“We are finally getting enough information in order to make educated decisions regarding security and the iOS products. In the past, we were just left with taking their word for it…. Now we have much more detail to make security decisions as we prep policies for BYOD”, Henry observed.
Apple should expand its new-found openness on security to its Mac products, Henry said, adding, “hopefully, we will see some of this disclosure we are currently seeing in iOS carry through to their PC marketplace.”