Online Security Part 5 – How Secure is an iPhone? Really, Really, Really Secure!

Today many people carry their entire digital life around in their smartphones. Emails, text messages, address books, calendars, to-do lists, banking apps, music, and photos are just a few of the valuable items found on these small slabs of metal and glass. This makes the humble cell phone an attractive target for hackers. Recently, the news has been filled with stories about smartphone security, because the president was known to have been using an ancient, insecure Android phone from 2012 (a Samsung Galaxy S3). He finally upgraded to an iPhone this week.

Why was an iPhone chosen for the President of the United States? Probably because it’s the most secure phone on the market today. The lengths Apple goes to are amazing, and it does so without much fanfare. Buried toward the end of the iOS webpage is a section called “Privacy and Security” with a short paragraph on security:

iOS offers the most advanced security of any mobile operating system. For starters, hardware and firmware features are designed to protect against malware and viruses, while iOS features help to secure your personal information. Touch ID lets you use your fingerprint as an easy alternative to entering your passcode each time, preventing unauthorized access to your device. And we give developers tools to make the safest apps possible, including top-notch encryption, app transport security, and more. The point is, security runs throughout the entire system — everything from the hardware to iOS to the App Store.

Deep down, though, iOS security is a hidden universe of its own. The iOS Security Guide explains the details in 63 pages, and there is an interesting lecture on Apple’s Developer website that covers the highlights in 25 minutes. To make a long story short, since Apple has control of both the iPhone hardware and the iOS software, it can ensure security from the moment the iPhone is turned on, and even when it is turned off. Apple doesn’t even allow downgrading iOS software, since that would make a secure iPhone insecure. Also, each iPhone has a completely separate security microprocessor called the “Secure Enclave Processor” (SEP) that includes a unique code burned into it. This means that only your iPhone can decrypt your data. Finally, Apple enforces its commitment to security on its app developers as well as on how a device securely communicates with the outside world.
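To make the "only your iPhone can decrypt your data" point concrete, here is a simplified model added for illustration; it is not Apple's code or algorithm. It assumes the device's unique code can be modelled as a byte string mixed into key derivation (on a real device that value never leaves the hardware), and PBKDF2 and the HMAC-based toy cipher are stand-ins chosen so the sketch runs with Python's standard library.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch
# Constructed sample values standing in for two phones' burned-in codes.
UID_PHONE_A = bytes.fromhex("a1" * 32)
UID_PHONE_B = bytes.fromhex("b2" * 32)

def derive_key(passcode: str, device_uid: bytes) -> bytes:
    """Entangle the passcode with the device-unique code."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, ITERATIONS)

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and integrity, both bound to the device key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and tag data (toy construction, for illustration only)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key does not match the blob."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

if __name__ == "__main__":
    blob = seal(derive_key("123456", UID_PHONE_A), b"address book")
    print(open_sealed(derive_key("123456", UID_PHONE_A), blob))  # same phone
    print(open_sealed(derive_key("123456", UID_PHONE_B), blob))  # copied elsewhere
```

Even with the correct passcode, data copied off the phone cannot be opened on other hardware, because the second input to the key exists only on the original device.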

To be fair, Google/Android does care about security and implements many of the same measures in the most recent versions, but only 3% of Android users have upgraded compared to 80% of iOS users. Apple’s security philosophy is a great example of something called “layered security,” which professionals recommend as the best practice to stay safe online. A future post in this series will explore layered security in detail.