As the WWDC conference gets underway, there has been a ton of coverage about hardware and software updates. There were a couple of nuggets in all this that I found particularly interesting, as a security researcher.
More and more, app and website developers are playing fast and loose with our data. The large number of websites experiencing password breaches, and LinkedIn’s and Path’s apps being caught sending potentially confidential data in plain text, are just a few examples. Undoubtedly there are other examples that have yet to be discovered.
But it looks like maybe Apple is trying to make moves to reverse this trend.
A few months ago, they started rejecting apps that used the Unique Device Identifier (UDID). The next version of iOS is expected to have more granular warnings and privacy settings to let you choose what data apps are able to access.
It remains to be seen if these privacy settings will improve our data security overall, but it does bring up interesting possibilities in terms of increasing transparency. Right now we have to take a lot on faith about what apps are doing and how they’re protecting our data.
But Apple is not stopping there with their possible moves towards transparency. The Black Hat security briefings in Las Vegas next month will include a handful of presentations about iOS security, most notably one from Dallas De Atley, manager of Apple’s Platform Security team.
This will be Apple’s first time presenting at this conference, which is really a big deal. The attendees at this conference are not known for sitting quietly and slurping up corporate platitudes. They’re usually a pretty rowdy bunch. Apple has to be aware of this, and presumably they will be planning for plenty of incredibly pointed and articulate questions. If not at the conference, then they’ll have plenty to answer in response to blog posts and articles from attendees after the fact. Do not tempt the nerd rage!
The optimist in me hopes that this is a view into a more transparent future with Apple, when it comes to security. They can double down on secrecy all they like. But I hope that the future includes more cooperation with those people helping to improve security for everyone.