Last Monday Apple held its annual Worldwide Developers Conference and iOS 9 was unveiled. What did not get much coverage are the new security features that make iOS 9 the most secure phone os available.
A few months ago I wrote about the IP-BOX and how it can be used to crack the default four digit passcodes on current iOS devices. Apple has now made six digit passcodes as the default for any device running on iOS 9.
Apple plans to introduce useable two-factor verification for certain services that will help prevent unauthorized users from accessing an account with a stolen password. Apple’s two-factor authentication will require a user to enter a password sent to one of their devices if they want to manage their Apple ID account or use other Apple services and products. This password can be sent via iMessage or to your iCloud email address. After last year’s iCloud breach where various celebrities had their personal pictures, this can only be a good thing and it will also bring to iOS something that Google has already brought to Android.
Apple is also bringing to iOS 9 its new App Transport Security protocol, which will encourage developers to build apps using HTTPS. HTTPS is normally used on websites where you are making financial transactions or providing other private information. Apple has not made it mandatory, but they are encouraging developers to move to HTTPS as soon as possible which means that it soon will be.
One very important point made by Craig Federighi, Apple’s senior vice president of software engineering “We don’t mine your e-mail, your photos, or your contacts in the cloud to learn things about you, we honestly just don’t want to know.” This means that Apple plan to further integrate high level encryption into iOS 9.This can only be good for the consumer and it will also reassure countries like China who think that the CIA or FBI have backdoors into any device running on iOS 9.
Safari has also gotten some pretty neat security updates. All extensions in the Safari Extensions Gallery will only be hosted and signed by Apple. Users will now be able to trust that the Safari Extension they install is the one you submitted. Apple also mentioned that developers can still sign and distribute extensions that are signed with developer certificates but these won’t auto-update anymore.
Another great new feature in the next release of Safari is Content Blocking Safari Extensions. Content Blocking gives your extensions a fast and more efficient way to block cookies, images, resources, pop-ups, and other content. This will be very useful to adblocking software developers who were not happy with how much memory and CPU Adblock was using, which resulted in pages loading very slowly. This API will be available as an App extension on iOS and Safari extension on OS X.
For me the most exciting announcement was that Apple is opening up a VPN extension which could mean that we could soon see a version of Tor on iOS. It will also be possible to design apps that will prevent trackers and even filter all traffic going to advertising networks or analytics servers.
If you can’t wait till iOS 9 is launched in September, Mark Dalton one of my Irish Tech News colleagues has written a excellent article showing you how to install the beta version of iOS 9 on your iOS device. He discusses the pros and cons of installing beta software and you can read it here.