Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

iOS 8 and OS X Yosemite: will they keep us safer?

Rich Mogull | June 5, 2014
At its WWDC keynote, Apple didn't spend a lot of time talking about new security features in iOS 8 and OS X Yosemite. But Rich Mogull heard plenty.

It might also inspire more than a few parents to delete their child's fingerprints from their device.

Extensions to where?

The details of the other major security enhancement are a bit murkier. Apple is opening up direct communications between iOS apps through something called extensions. Apple has long restricted inter-app communications to maintain the security and integrity of the app sandbox. While this has frustrated some developers, sandboxes are a powerful security tool to limit the risks that one compromised app could compromise other areas of your device.

Based on the limited information available in the keynote, it appears that iOS 8 developers will now be able to open up their app to external communications. This extension is like a little receptor on the edge of the sandbox that receives a message and acts on it. Extensions register themselves with iOS, which mediates communications between apps.

Rather than opening up communications willy nilly, it appears that extensions still obey the rules of the sandbox. Any requests to do something new on your device, such as communicate over the network, will still require user approval (such as those prompts to access your camera or microphone currently in iOS). The fuzzy part is where that line will be, exactly. One option would be to require approval for every first-time request between two different applications. Based on the keynote demonstrations, I suspect it won't be quite that granular, but this is one area I would also expect to evolve considerably during beta testing.

What is clear is that iOS is the broker between application extensions, which likely keeps a fair bit of security in the process since apps won't be communicating and (potentially) attacking each other directly. Maintaining the iOS privacy controls also means that nifty new keyboard replacements won't be sending all your keystrokes to a black-masked attacker (as has happened on Android).

iOS 8 does opens up a host of other security questions that I simply don't have anything to base an informed judgement on. Shared file storage with iOS or third-party cloud services, the security model of Continuity, any details on the new enterprise features like Extended Data Protection, and the usual under the hood enhancements--they're all TBD.

Swiftly climbing in Yosemite

Apple said less about any security changes in OS X 10.10. In large part, this is due to the fundamental differences between a full desktop operating system and iOS. Apps can already talk to each other, even when sandboxed, and hook into the operating system at a deeper level. I suspect most of the security improvements are inside the OS X internals.

One advance with significant long-term implications is the introduction of the Swift programming language. As a part-time coder (okay, dabbler) myself, I never underestimate the challenge of building a secure language that wipes out all the little errors that could inadvertently open the doors to attackers. Apple stated Swift wipes out buffer overflows and a series of other security issues that plague most languages. This is a tough challenge, and while we've seen success with such efforts in other modern languages, we've also seen plenty of failures.

 

Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.