On Tuesday, we reported security experts’ surprise that Apple had opened up some code [technologyreview.com] at the heart of a forthcoming version of the mobile operating system that powers iPhones and iPads.
Security researchers told MIT Technology Review that the company might have decided not to obscure a component called the kernel as it usually did to encourage more people to report bugs in its software—or it had perhaps made an embarrassing mistake.
Apple declined to explain the change when contacted on Tuesday. But after the issue gained wider attention, the company released a statement Wednesday saying it had intentionally left the kernel unencrypted—but not for security reasons.
"By unencrypting it we’re able to optimize the operating system's performance without compromising security," an Apple spokesman said. He declined to elaborate on how exactly the performance of iOS would be improved.
That new detail doesn’t invalidate the observation by people familiar with iOS security that the change also invites greater scrutiny of Apple code that plays a central role in keeping devices secure by limiting what applications can do.
Previously the company wrapped the kernel in protections that had to be broken or worked around if a person wanted to properly inspect its internals. More people might examine Apple’s code now that less effort is required to do so.
Jonathan Zdziarski, an expert on iOS security, said Monday that change could mean more flaws get found—and fixed—in Apple’s operating system. “Opening up the OS might help other researchers to find and report bugs, by giving everyone just as much visibility as an advanced and well-funded research team might have,� he said.
If more people report bugs to Apple, it could make it harder for law enforcement and governments to use a tactic the FBI employed to get into an iPhone used by a perpetrator of last year’s mass shooting in San Bernardino, California (see “What if Apple Is Wrong? [technologyreview.com]�).
The FBI paid an unidentified third party to provide a way to break through Apple’s security after the company refused to help the agency. If Apple is able to fix more bugs thanks to outside tip-offs, cops could find that shopping for iPhone hacking tricks gets more difficult or expensive.