Roundup: iOS 9 security features

With the Apple Watch now on store shelves and Tim Cook's company gearing up for the likely roll-out of the iPhone 6S this fall, the device and software manufacturer could have rested on its laurels for a few months. Instead, they've been busy blowing their own horn about iOS 9, which is already available to anyone enrolled in Apple's developer program and will likely hit open beta in late July. Those looking for the full retail release should see it in September to sync up with the new iPhone launch. And while Apple has been crowing about new features and smaller download sizes, they're also taking a hard look at security. Here's a round-up of what the new iOS has in store.

They Don't Want a Bite

According to Gizmodo, Apple doesn't want even a taste of users' private information. To achieve this goal, the company says that they've made “intelligence privacy” a big deal in iOS 9: Craig Federighi said that new services will be anonymous, not associated with Apple ID, use randomized identifiers, will not be linked to any other Apple services, and never shared with third parties.

For example, they're developing a “News” app that will aggregate stories from multiple sources but claims that it's private from the ground up, that anything you read isn't linked to other Apple services, and that no information is ever shared. This is in stark contrast to companies like Google, which actively seeks out user data on the grounds that it enhances the overall user experience and is always kept safe on company servers. Given the increasing concern displayed by mobile users about who's capturing, storing, and leveraging their data, Apple may be on the right track.

Going 2-Factor

The new iOS release also supports two-factor authentication for iCloud. Along with using their fingerprints, users can layer in 6-digit passcodes to help keep their data safe. In fact, 6-digit codes are now the default option when you're prompted to create a passcode, but you can also choose to make a custom alphanumeric or numeric code, opt for the standard 4-digit or skip the code altogether. This seems like a good balance of foresight and function: users are given the option to enhance iCloud security, but are not required to take part.

A Tor-iffic API?

In a marked departure from their usual stance on VPNs and other anonymous networks, Apple's new operating system includes a VPN API. This allows proxy traffic to be sent over VPN protocols. As noted by Medium, this goes a step beyond just letting users access their favorite VPN or choose the Tor network; it also lets more tech-savvy device owners filter all traffic heading to specific networks, allowing you to much more effectively block ads, and opening the door for developers to create some top-tier ad-blocking tools.

HTTPS?

While Apple talks a great deal about HTTPS and encourages developers to use this standard when creating new apps, the company has been reticent to roll out HSTS tools for their devices. With iOS 9, however, all that changes, thanks to App Transport Security, which allows users to ensure all connections go over HTTPS and ensures this rule is enforced by iOS itself. For developers, this offers a straightforward way to build in security and ensure they're meeting both TLS 1.2 and PFS cipher suite standards.

Uprooting the Tree?

There's also talk that the new iOS will include a feature called “Rootless”, which was reported by several media outlets but wasn't mentioned by name during the Apple announcement event. According to sources like BGR, the idea was to restrict access to specific protected files on Apple devices under almost any circumstance, making it much more difficult for attackers to gain a foothold. While the company did announce that OS X 10.11 will include a change to privileges which prevents admins from having access to kernel-level features, mobile devices aren't on the list just yet.

A Matter of Time

Even as Apple is playing up new security features, however, a group of hackers is trying to develop a jailbreak for iOS 9 that will be ready when the official release rolls around. Early reports suggest that creating a truly “untethered” jailbreak which works through reboots and doesn't require a computer connection is proving difficult. But after successful hacks of both iOS 7 and 8, it's worth watching out for this project in September.

Apple is doing its best to talk up security in iOS 9, and so far all the effort sounds justified. While things will change between developer release and the final product, Cook's company seems to have consumer privacy concerns firmly in sight.