iPhone and iPad as amazing instances of applied cryptography

Following the publication of Apple's absolutely stellar iOS Security white paper in February, Steve Gibson of the TWiT network's Security Now! show spent three episodes going through it, providing extra explanation and context. Gibson was incredibly impressed by the iOS Security white paper, and by Apple's security implementation in general, calling it "amazing" many times over, especially the Apple A7 and its secure enclave. he also widely praised Apple's choices for the crypto they implemented, and especially how user- and privacy-focused their choices were.

Gibson did point out the iCloud Keychain cryptography wasn't as good as the rest of the system, and that things like iMessage chose convenience for users over absolute security at some points. While Apple's close approach is irksome to some, Gibson notes it's also why there's virtually no malware for iOS in the wild.

If you're interested in iOS security, all three episodes are well worth watching, listening to, or reading. Check out the links below and then let me know, how do you feel about Apple's security and privacy focus in iOS?

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Fund This: Game of Phones, a card game with a high-tech twist

Next up →

Deal of the Day: Amzer Hard Shell Case for iPhone 5/5S

Reader comments

iPhone and iPad as amazing instances of applied cryptography


I read Apple's description of iMessage security and it seemed very secure to me. I'll have to listen to why Steve thought they chose convenience over security.

Sent from the iMore App

As it moves into wealth and health industries, both requiring first class security, Apple's superb crypto engine may be the next "Quicktime" technology. Quicktime supported everything that happened with iTunes and iPods. It's a technology that put Apple in a class of its own. And put paid to Microsoft's attempts to dominate digital media. Search Road to Mac OS X Leopard: QuickTime, iTunes, and Media Features.

Read Gibson's talks and then ask yourself if that level of security can exist on wearables. Not likely; not this decade anyhow. More likely, Apple will let any and all invent their $100 baubles and then connect, wirelessly, to an iPhone or iPad for securing info. Which procedure will require, ergo, a $500 Apple device.

With super crypto, Apple can create more value in its devices, recruit more developers, keep its margin high, and, once again, can do more with less. It is the path Jobs put Apple on.

OK, Apple could do a $500 wearable also. Imagine what a great decoder ring Apple could make.

Ya, listening to those podcast episodes was REALLY interesting. It's good to know that a Security-phile (is that a word?) such as Steve Gibson is impressed with the lengths that Apple has gone through in order to make these amazing cryptographic devices.

Sent from the iMore App

This is an amazing enlightening podcast. Apple appears to have done a beautiful job with iOS security.

Mr. Gibson is also a very special person with so much knowledge and also an uncanny ability to make this topic exciting, interesting and most of all understanding for the rest of us.

Imore.... Could you please do a review of windows phone 8.1 vs IOS 7..... Lot of people are saying that windows phone 8.1 is better than IOS.....co could you please

When Apple finally moves forward with their so-called "wallet" it will be a watershed device. One with an instant built in user base of hundreds of millions of people that retailers and users will find as invaluable as the iPhone itself. I'm mainly curious to see if Apple will integrate crypto-currency function since they have been keeping apps with this function out of the App Store.

When our organization decided to standardize on WP, we were told in training that the platform had the best security of the available options, which was one of its supporting factors. I wonder if that was true or not. At any rate, Apple has always had poor reputation in implementing crypto correctly. Maybe they have improved.

iOS 7 has greatly upped the security, it seems. With the previous versions the emphasis was more on safety (practices like the curated AppStore and other sorts of restrictions).Security did play an important role in iOS 6 and prior but not as much. Maybe it didn't need to. Safety features and restrictions in what the device could do, were sufficient enough. With iOS 7 they are continuing with best safety practices plus doubling down on the "quality of locks" at the hardware as well as system software level as they are adding new features. And if this mobile payments thing also materialises this year in the upcoming iPhone in conjunction with iOS 8, it wouldn't be a surprise. All the security features at every level in iOS 7 must have been furthered in iOS 8. I think Apple is more than ready to release mobile payment feature