Apple Inc. is a well-known giant in the computer technology world. It is one of the leaders in the industry. Continuous implementation of innovations enables this company to acquire the sympathy of millions of customers all over the world. The release of a new product is always accompanied by an enormous interest of both consumers and media. That is why it is of a great importance for such huge company to keep the information provided by their customers in safety and security.
During two years Apple has faced severe security problems with the iOS 7. Anyone who had technical background attempted to penetrate to someone’s iCloud account. After few accidents Apple started to protect the security of its customers. Apple started a comprehensive campaign in order to inform the customers about privacy policies and security approaches. Information section appeared on its website. (Mott, 2014).
Recently Apple Inc. has published a report, which discloses the measures that are taken in order to protect customers’ information. It is highlighted, that the business of the company is not dependent on the collection of data of the ultimate consumers. It is not interesting for the company to accumulate personal information about its customers. Consumers’ talks are protected by the encryption feature in iMessage and FaceTime. Data that identifies user location, the search query in the map service and queries to adjunct Siri in any form is also not stored by the company.
There are couples of methods that are used when processing incoming requests, including those related to national security issues. They are divided into requests for accounts and inquiries devices. First, as a rule, contains the personal information about the account holder's name, address, seldom stored photos and emails. These requests are often initiated by government agencies. Apple is required to provide this information in accordance with the requirements of the legislation. Inquiries about the device include customer contact information when registering a specific device. Such requests in most cases are initiated by the users in case the devise was lost or stolen.
Such data as photos, email, contacts, messages and call history is protected by passcode on iPhones and iPads that are running iOS 8 (Reuters, 2014).
iPad is protected with the mechanisms that encrypt data for transmission over an insecure environment, mechanisms to authenticate users to access the stored information, and also provides encryption of all data in the memory device. iPad also provides protection against unauthorized access with the use of the password, that can be installed remotely. If the devise is stolen, users or IT administrators can initiate a remote erasing of all the information that was stored in its memory.
In order to protect installed applications from the modification, as well as the use of illegitimate ("pirated") software, operating system is using mechanisms for verifying digital signatures for the software that was installed (iPhone OS. Enterprise Deployment Guide). Thus, an application that was delivered by the company should contain an electronic signature of Apple. Third party applications are signed by electronic signature of the developers, this signature verification is performed using certificates public key issued by Apple. This ensures that the installed applications have not been tampered with or modified by an attacker.
In addition, the verification of digital signature is to be performed each time before starting the application. This ensures that the application has not been modified since it was last run. IOS system has protected the logical structure, which provides storage of user credentials in applications and network services in an encrypted form (Horwath, 2011).
Such means of protection are quite credible and secure customers personal information from any violations. But sometimes even complicated, multilevel security system can be overcome by hackers that is why Apple should constantly improve its security system. There are a lot of new features that are going to be implemented be Apple in the nearest future in order to protect the private information of the customers.
It was announced that if an effort for changing password, log in from the new device or restore files is made, user will receive and alert or other kid of alert to the iPhone or iPad (Satariano, 2014).
In iCloud information that is sent over the Internet will be secured by encryption and stored in such an encrypted format. When kept on server secure tokens will used for authentication. In such way data will be protected from unauthorized access while it is transmitted to the particular device or stored in the cloud. The minimum of 128-bit AES encryption will be used in iCloud. For accessing iCloud service with the help of Apple’s apps (for example, Contacts, Mail, Calendar), authentication might be done with the help of the secure token. There is will be need for storing iCloud password on different devices as these tokens are of the high security and eliminate any risks of break downs.
Two-steps verification that is essential for the enhancement of the Apple ID is the other way for secure storing of the information. The process of two-step verification will look like this: first the user has to verify his identity by using one of the devices, prior to making any changes to the account information (this can be done at My Apple ID), secondly, user has to sign in to iCloud on a new device (iCloud security and privacy overview).
Mobile threat Prevention app from FireEye will be available for users of iPhones and help to protect the devices from different kind of attacks. Mobile Application Mobile Threat Prevention is lightweight and provides: data from the cloud service with an analysis of the behavior of applications on the mobile device and the information about malicious callback, evaluation of the threat level of applications from App Store, the description of malicious or undesirable behavior of each application, identification of factors which may cause the breakdown of the device. FireEye MTP will notify the user about dangerous applications before it is installed (Woollastone, 2014).
Implementation of all the above mentioned features will bring Apple to the new crossbar and enhance public confidence in its products. Efficient security system will minimize the risk of illegal use of personal information.
Mott, N (2014). Apple forces its users to care about their own security. Pandodaily. Retrieved from http://pando.com/2014/10/09/apple-forces-its-users-to-care-about-their-own-security/
Reuters, T (2014). Apple tries to assuage privacy fears, puts focus on security. CBCNews: Technology and Science. Retrieved from http://www.cbc.ca/news/technology/apple-tries-to-assuage-privacy-fears-puts-focus-on-security-1.2771650
iPhone OS. Enterprise Deployment Guide. Second Edition, for Version 3.2 or later Retrieved from http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
Horwath, J. (2011). iPad Security Settings And Risk Review For iOS 4. SANS Institute InfoSec Reading Room. Retrieved from http://www.sans.org/reading_room/whitepapers/apple/ipad-security-settings-risk-review-ios-4x_33826
Satariano, A. (2014) Apple Plans New Security Features After Celebrity Hacking. Bloomberg. Retrieved from http://www.bloomberg.com/news/2014-09-05/apple-plans-new-security-features-after-celebrity-hacking.html
iCloud security and privacy overview. Retrieved from:https://owl.english.purdue.edu/owl/resource/560/10/
Woollastone, V (2014). Apple’s iOS 8 is so secure, even the police can’t get hold of your personal details: Tim Cook outlines firm’s latest privacy plans. MailOnline. Retrieved from http://www.dailymail.co.uk/sciencetech/article-2760660/Apple-s-iOS-8-secure-police-t-hold-information-Tim-Cook-outlines-firm-s-latest-plans-protect-privacy.html