4 Things You Should Know About Apple’s iOS8 Encryption

Share Article

With iOS 8, Apple has taken a major investigative power away from law enforcement and given privacy back to customers. But according to Dr. George Edwards, a mobile phone expert with Quandary Peak Research, there’s a major exception that could still expose your personal data.

Just because your call log can’t be pulled off your device doesn’t mean it can’t be found elsewhere.

When Tim Cook unveiled the iPhone 6 product line last month, the phone’s most distinguishing feature – its bigger screen – drew most of the attention. But many experts were far more interested in another aspect of the phone: new, robust protections for the personal data users store on their devices.

With the rollout of the iOS 8 software update, Apple quietly divested itself – and by extension law enforcement agencies – from being able to access data stored on your phone. It’s an unprecedented consumer-interest move that puts Apple in the throes of a contentious privacy battleground, both legally and morally, while also giving the company plausible deniability in what they can do for law enforcement when it comes to accessing data on your mobile device.

In a statement from Apple: "On devices running iOS8, your personal data such as photos, messages (including attachments), email, contacts, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS8."

In other words, Apple is giving you the only set of keys to unlock your phone (your passcode or PIN), and they’re not making a copy of it for themselves—or anyone else for that matter. The devil is in the details for how this all works and what it means for your information and privacy. Here are four things you should know:

1. There Is Only One Set of Keys to Your Device, and You Possess Them – Once you set a passcode or a PIN for your phone, Apple will no longer be able to unlock your device—even if ordered to do so by court via search warrant or otherwise. Apple formerly stored encryption keys to unlock devices if ordered to do so legally, but that game is now over with iOS 8. If the data lives on your phone and nowhere else, there are no technical means through which law enforcement can access it. All they can do is try to force you to give them the PIN.

2. Only Data Stored on Your Device is Protected – Only data stored physically on your phone is encrypted with your PIN. Once you save information from your device into iCloud, the data becomes accessible by Apple and law enforcement agencies, should they pursue it through legal channels. There are settings for disabling iCloud if you wish to keep all of your phone data private and protected, but you risk not having the information backed up.

3. If You Forget or Lose Your PIN, Apple Can’t Help You Recover It – If you’ve forgotten your PIN or passcode, you’ll no longer be able to call Apple tech support to unlock the device or reset the passcode. The only option is to wipe the device and install a backup downloaded from iCloud.     

4. The F.B.I and other Law Enforcement Agencies Aren’t Happy – FBI director James Comey recently told reporters that he doesn’t understand why companies (in this case Apple) would “market something expressly to allow people to place themselves above the law.” Another former FBI assistant director, Ronald Hosko, referred to it cynically as “a virtual fortress from law enforcement,” inhibiting them from doing their jobs therefore potentially making the world more dangerous. The view asserts that by placing consumer interests in front of law enforcement’s, Apple is creating an outlet for dangerous activity that in fact harms the public interest.

Privacy advocates are arguing the opposite, of course, which is that consumers should have the right to keep their data private, and that they – and not companies like Apple – should possess keys to devices where data is stored. Privacy advocates would also argue that by forcing manufacturers to engineer “back door” entries into devices for the sake of law enforcement, it essentially weakens the overall strength of encryption—putting everyone at a greater risk to cyber criminals.

But according to Dr. George Edwards, a mobile phone expert with computer forensics firm Quandary Peak Research, the impact may be smaller than both privacy advocates and law enforcement authorities are suggesting.

“The new iOS encryption certainly could limit the ability of law enforcement to collect evidence in some circumstances,” acknowledged Edwards. “At the same time, it’s important to understand the scope of what is protected. The type of data our firm is typically asked to collect using forensic cell phone analysis – call logs and text messages, for example – can still be obtained without the user’s PIN because they’re transmitted over the network and stored on servers. Just because your call log can’t be pulled off your device doesn’t mean it can’t be found elsewhere.”

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jason Frankovitz