Apple iOS 8: What's New for Security?
Symantec's Candid Wueest Sizes Up the Changes
Candid Wueest of Symantec says a number of useful security and privacy improvements are set to debut in Apple's forthcoming iOS 8 mobile operating system, and the changes should appeal to users as well as enterprise administrators. But there are still some unrealized security features that he'd like to see included in future versions.
"iOS 8 actually introduces quite a lot of good changes," says Wueest, a Zurich-based principal threat researcher at Symantec, in this interview with Information Security Media Group. "It's a good evolution."
Wueest has been testing a beta version of iOS 8 for developers, ahead of what Apple has promised will be its official fall release. He reports that on the enterprise front, Apple has made a number of alterations that should appeal to users, as well as to administrators with BYOD concerns, for whom Apple has created a new remote-management user interface for mobile device management purposes.
"Obviously Apple is trying to [strengthen] its position in the enterprise market, so they improved their MDM solution quite a bit, providing new features for the administrator to actually control the user's device better," Wueest says. "They can still allow or block certain applications, but now they have a finer granularity in deciding what to do. That goes down to even defining which app can open which documents, revoking permissions centrally, and allowing better feature sets to actually define what the user can do and what the applications are allowed to do as well."
But Wueest finds some "wish list" features lacking in iOS 8, such as stronger anti-tracking features and the ability to have multiple user profiles on a single device, as the Android operating system allows. Such profiles would allow the device owner to create profiles for other users - such as children or guest users - that restrict their access to certain settings, apps, or stored data, such as work e-mails.
In this interview, Wueest discusses:
- Enterprise-focused changes to iOS 8, including per-app VPN access, per-message S/MIME email encryption and new MDM features;
- How the new iOS 8 messaging broker updates Apple's iOS sandbox concept, allowing on-device apps to exchange some types of information without having to send it to the cloud;
- The more widespread use of encryption in iOS 8 to secure stored data, amongst other changes;
- Privacy-focused tweaks to iOS 8, such as randomizing MAC addresses for anti-tracking purposes;
- Apple's new HomeKit framework for managing Internet of Things devices, and HealthKit, which creates a centralized, secure repository on a device to store a user's health and fitness data.
Wueest has more than 15 years of information security experience, including working as a threat researcher for Symantec and IBM. He shares a U.S. patent on "detecting fraudulent websites through an obfuscated reporting mechanism," and his research has been widely published. He's also a regular speaker at conferences, including RSA.