Last month we reported that Apple had surprised mobile security experts by making it easier to inspect the workings of a key piece of its mobile operating system in a preview release of a new version launching this fall. The change is seen as likely to lead to more security bugs getting found—and fixed —in Apple’s code.
Today Apple underscored its new policy in a second beta release of iOS 10. The first beta departed from past releases in leaving the kernel, which controls what applications on a device can do, available for all to see. Experts on iOS security report that the new beta leaves many other components unobscured, too.
Security researcher Mathew Solnik tells MIT Technology Review that represents a “huge change from past policies.” He and others say that the encryption Apple previously used to obscure iOS components increased the work required for anyone who wanted to inspect the workings of the company’s code. Removing it could mean more people will take a look, and hence that more bugs are discovered and reported to Apple.
Apple has long boasted of the security of its products. But the company’s mobile operating system is under much closer scrutiny since Apple’s standoff with the FBI this year after the agency demanded the company help unlock a device used by the perpetrator of a mass shooting in San Bernardino, California. The FBI dropped its attempt to legally coerce Apple after paying a third party to hack the device in question. Apple has said it is working to further strengthen its security features.
Despite that background, Apple has not said it stopped obscuring iOS code to help security researchers. The company initially declined to comment when the first iOS 10 preview release drew attention, and only later released a statement saying the policy change was for performance reasons. Apple declined to explain what those performance benefits might be. The company declined to comment today on the new, even more open iOS beta release.
(Read more: “Apple Opens Up iPhone Code in What Could Be Savvy Strategy or Security Screwup,” “Apple Now Says It Meant to Open Up iPhone Code,” “Apple Vows to Fight the Feds in Battle Over Encryption,” “What If Apple Is Wrong?”)