However, the new software also brings a few small but notable compromises when it comes to the operating system’s priorities regarding user privacy and security. This minor security threats compelled Apple to works on how it approaches privacy and how it keeps users informed on how their data is handled.
Russell Brandom reports for The Verge that when Apple first unveiled iOS 9 this summer, one of the biggest selling points of the new operating system was a smarter Siri. With iOS 9, Siri is more deeply integrated into apps and services, pulls more data from a wider variety of sources, and offers users recommendations before they even ask for something.
But researchers have discovered a drawback to Siri’s new intelligence. iOS 9 enables users to access Siri from the lock screen. If users know how to manipulate that access, they can use it to add contacts or to access the photos that are stored on the device. While the vulnerability is unlikely to exploited widely, some critics are speculating that police could use it to inspect a suspect’s phone, even without knowing the passcode that locks it.
Fixing the vulnerability is simple; users can disable Siri access on the lock screen in the Touch ID & Passcode section of the Settings app. Unfortunately, as Brandom notes, most users won’t bother to change the default, if they find out about the vulnerability at all. That means that the iPhone’s lock screen protections just got a little bit weaker.
The lock screen vulnerability isn’t the only iOS 9 feature that should give security-minded users pause. For instance, the operating system is “promiscuous” when it comes to desktop tethering. An unlocked iPhone can tether to a computer with a single click, no password necessary, which enables the computer to copy emails, photos, and texts whenever the phone is connected, even if it’s locked.
Neither the lock screen vulnerability nor the tethering practice is particularly scary on its own. But as Brandom reports, their appearance in iOS 9 reveals an uglier truth about Apple and the priority it supposedly places on users’ privacy and security.
While Apple champions better forms of encryption and responsible handling of user data — and security experts find a lot to like with Apple’s software — Cupertino sometimes opts to trade security for convenience. According to Jess Bolluyt of CheatSheet, this is extremely unsettling for users who thought that Apple left such practices behind with the Celebgate leaks, which were enabled by an overly cooperative iCloud systems.
While iOS 9 still offers some features that prioritize convenience over security, Bolluyt added that Apple is taking important steps to keep users informed about how its software handles their data, and how they can make their devices more secure.
Matthew Panzarino reports for TechCrunch that Apple recently updated its privacy site, adding new information about iOS 9, the latest version of OS X, and the wide array of services and features offered to users. The section on how to “manage your privacy,” in particular, offers clear explanations of what you can do to improve your security, (use a complex passcode, enable TouchID, turn on Find My iPhone, and control the data you’re sharing with apps and ad exchanges, for starters).
Panzarino points out that privacy is something that everyone should care about, but studies continue to indicate that people either aren’t aware of the compromises they make or unaware of the implications of their choices. By expanding its privacy page and presenting information in clear language and with supporting data, Apple is making it easier for users to understand how the company is protecting their information.