If mobile security is something you’re concerned about, then you must have seen the recent news about certain vulnerabilities in Apple’s iOS mobile operating system that can potentially leave very personal user data exposed to forensic snooping by people looking in the right places. Although the Cupertino tech giant had responded to these allegations earlier, it has today released a new statement that gives a detailed breakdown of the diagnostic services in question and affirms Apple’s position that it is conscious of user privacy and does not put it at risk for any third party.
In an official statement, Apple clarified that it has never worked with any government agency for any reason whatsoever, and that the data available on an iOS device is encrypted with keys that are not shared even with Apple itself. Now, the company has provided a detailed breakdown of the purpose and function of each of the three services that are the prime focus of the controversy.
pcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.
file_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users’ devices.
house_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.
The controversy originally arose when a security consultant, Jonathan Zdziarski, delved deeper than ever into Apple’s iPhone and iPad operating system and explored the system from a vulnerability point of view. His opinion, which Apple denies vehemently, is that the data collected by these services is too personal in nature to be used for mere diagnostics. Furthermore, he alleges that when an iOS device communicates with a PC or Mac over iTunes, this data is transmitted, and it can then be obtained by a snooping third party that can access that particular PC or Mac by whatever means possible.
This backdoor controversy, although just a few weeks old, has been one of those instances where Apple has been keen on responding and clarifying its position. It does make sense, too; Apple has always prided itself on having a secure operating environment that puts user privacy at the forefront. Even with the upcoming iOS 8, the Cupertino company has taken several steps that go a long way towards showing that it is truly dedicated to ensuring peace of mind for users. Against that backdrop, loopholes like these can tarnish the company’s overall image, perhaps irreparably, and so it will be interesting to see how the story unfolds as we move forward.
Meanwhile, you can pick sides until we have a clear winner.