We reported last week that Apple had added an anti-phishing feature to the iPhone OS, but that this feature did not work consistently. It turns out that the feature, while in the operating system, was not "primed". Apple has responded to this issue in an article on The Loop, saying that users needed to perform an operation to get it to work. An Apple representative is quoted saying the following:
"After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."
Now, this is interesting. How are users to know that they have to do this? Nothing on the iPhone tells them to do so, and it is likely that many users never turn on Wi-Fi on their iPhones. Apple should have provided an initial database with the iPhone OS update, or should have given clear instructions to users. This is a very lax way of providing a security feature.
We see a number of problems:
- Users may never know the feature exists, if their iPhones are not set up to download updates.
- Users won't know when updates are downloaded.
- Users won't know whether a glitch is preventing updates from being downloaded.
- Users won't know when successful downloads have completed.
- Users have no way of knowing whether they have the latest database, or whether they need to connect their phone to a Wi-Fi network again to download a new one.
All in all, this is a valiant effort, but one which provides no way for users to know if they are really secure.