Apple has confirmed it intentionally decided to leave the kernel for version 10 of its iOS mobile operating system unencrypted.
A spokesperson for the company told TechCrunch that the move will benefit iOS users without compromising their security:
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security.”
Earlier in June, Apple surprised everyone when it released a preview of iOS 10 containing an exposed kernel, the program that serves as the core of any operating system.
The iPhone maker encrypted the kernel in previous releases of its mobile operating system, which meant only a few researchers with high levels of technical expertise could get an inside look into Apple’s code.
The Cupertino-based tech giant’s decision to leave the kernel unencrypted makes it possible for more people of varying levels of technical expertise to explore the inner workings of iOS.
Jonathan Zdziarski, an expert on iOS security, feels this change could improve the security of Apple’s mobile operating system. As he told MIT Technology Review:
“Opening up the OS might help other researchers to find and report bugs, by giving everyone just as much visibility as an advanced and well-funded research team might have.”
Bogdan Popa of Softpedia writes that such openness could also help the company avoid situations like the San Bernardino iPhone case. The FBI eventually found a way to break into the iPhone without Apple’s help, but as of this writing, Apple is still working to identify the flaw that hackers working with the Department of Justice exploited to help unlock the terrorist’s phone.
By opening the kernel of iOS 10, the company is encouraging more transparent bug reporting, which could help it avoid disputes like the San Bernardino case in the future.
Ken Munro, a security researcher at Pen Test Partners, went so far as to recommend that Apple use this opportunity to launch a bug bounty program. As he explained to the BBC:
“If Apple has deliberately opened up its code, then it needs to make sure it is very thoroughly reviewed by the community and the firm must then be very responsive in fixing stuff that is found. A bug bounty would get everyone interested, meaning the security community would be working for Apple for a comparatively low cost.”
A bug bounty program would also put the company on par with Facebook, Google, Mozilla, and others that already have open vulnerability reporting initiatives in place.
iOS 10 is expected to launch in the fall with the iPhone 7.