How Secure Is iOS 8 From Law Enforcement Intrusion?

September 24, 2014

With competitors like Google and Microsoft admitting to scanning and accessing user information, Apple is attempting to set itself apart by making some noise with its new privacy policy dealing with the iOS 8 operating system. CEO Tim Cook discussed the new policy in an open letter to customers this week. Essentially, all your data—photos, messages, emails, contacts and call history—is protected by your device password, and Apple will not have the ability to access this. The company has come under scrutiny for handing user data and information over to the government in recent times as well as with the recent hacking of its iCloud service. So it is not far fetched to assume this new policy stems from these issues. However, a key component of the new policy deals with user information and law enforcement.
In the past, were a law enforcement agency to approach Apple with a search warrant, the company would be able to break into an iPhone or iPad and access personal data. With the new operating system security measure, Apple cannot bypass the user password and therefore cannot access data. Essentially, what Apple seems to be trying to do is appease its customers with greater security while at the same time cleaning it’s hands of any potential disputes with law enforcement by creating a system that prevents them from accessing it directly. So were they presented with a warrant, they could essentially do nothing.
However, users may not be as safe from government intrusion as they think.

While media and privacy experts have applauded Apple on its new security measures, iOS forensics experts still offer users words of caution.

One such expert, Jonathan Zdziarski believes that law enforcement can still access devices operating on iOS 8 even without Apple’s help. All they need is for your phone to be powered on and access to a computer you previously used to move data. Zdziarski was able to run his own forensic software and pull from devices running iOS 8 by impersonating a trusted computer to which a user had previously connected their device. “I can do it. I’m sure the guys in suits in the government can do it,” says Zsziarski.
The data siphoning trick presented by Zsziarski does have several limitations however. Police officers or intelligence agents would have to either plant malware on a user’s machine or grab the individual’s computer along with their mobile devices. Additionally, the majority of the information that Zsziarski was able to pull from the devices came from photos and information from third-party applications such as Twitter and Facebook. The data siphoning did not compromise sensitive information such as emails, messages and phone numbers. However, data-dumping methods could potentially be used by law enforcement to gather this information. In order to combat this, Zsziarski recommends that users encrypt their hard drives and power down their devices when going through places such as airport checkpoints.
While iOS 8 does still have a certain level of vulnerability, Apple deserves to be applauded for the steps it has taken in order to protect user personal information. While competitors like Google are willingly unlocking any device that runs their pattern-based unlock mechanism, Apple is taking a hard stance against data intrusion. And to be fair, Apple did not claim that its new privacy settings would be impervious to law enforcement data extraction. The government can still find ways to access your personal devices, but Apple has made it much more difficult with iOS 8’s privacy policy. With iOS 8 just coming into use, only time will tell how effective this policy truly is.