{"id":12512,"date":"2016-07-04T09:09:02","date_gmt":"2016-07-04T13:09:02","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=12512"},"modified":"2019-11-15T06:55:51","modified_gmt":"2019-11-15T11:55:51","slug":"apple-becoming-android","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/apple-becoming-android\/12512\/","title":{"rendered":"How Apple iOS stirs towards Android"},"content":{"rendered":"<p>You\u2019ve probably heard it before but we\u2019ll say it once more: <a href=\"https:\/\/threatpost.com\/apple-leaves-ios-10-beta-kernel-unencrypted-pros-and-cons\/118928\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Apple does not encrypt<\/a> the kernel starting from iOS 10. Well, OK, the kernel is not encrypted, so what? Let\u2019s sort out why this step has hit the news, and what it means for Apple users.<\/p>\n<h3>What\u2019s happened? <\/h3>\n<p>On June 13 Apple gave developers access to iOS 10 beta. It turns out that, for the first time in the history of the \u2018fruit company,\u2019 the operating system kernel was not encrypted. There were heated debates on this fact \u2014 how is that possible? Was it someone\u2019s epic fail or did the company abandon encryption on purpose? Last week Apple dispelled the doubts: encryption was abandoned intentionally.<\/p>\n<p><i>\u201cThe kernel cache doesn\u2019t contain any user info, and by unencrypting it we\u2019re able to optimize the operating system\u2019s performance without compromising security,\u201d<\/i> an Apple spokesperson <a href=\"https:\/\/techcrunch.com\/2016\/06\/22\/apple-unencrypted-kernel\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">told<\/a> TechCrunch.<\/p>\n<p>So, if kernel encryption does not affect OS security, why did the company encrypt it for years? And why did Apple decide to abandon it after all?<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Apple confirms iOS kernel code left unencrypted intentionally <a href=\"https:\/\/t.co\/9CMEoEPNQU\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/9CMEoEPNQU<\/a> by <a href=\"https:\/\/twitter.com\/kateconger?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kateconger<\/a><\/p>\n<p>\u2014 TechCrunch (@TechCrunch) <a href=\"https:\/\/twitter.com\/TechCrunch\/status\/745788756444090368?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 23, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>What is the kernel and what\u2019s the purpose of encrypting it?<\/h3>\n<p>The kernel is the core part of the operating system that provides access to device hardware (processor unit, RAM, data storage) for system software and apps. Kernel security is critical to the device security at large. Some security policies can be implemented in applications only if they are supported at the kernel level.<\/p>\n<p>So what\u2019s the point of encrypting the kernel? It\u2019s secrecy and safety \u2014 pretty much anybody can analyze an unencrypted kernel, while the encrypted kernel requires more work with reverse engineering. Though tablets and smartphones with iOS 10 won\u2019t necessarily be more vulnerable than their ancestors, the final result depends on many factors. For the first time developers, security experts and even bad guys can explore the kernel and find some bugs if they are lucky.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Trojan Exploits Apple DRM Flaw, Plants <a href=\"https:\/\/twitter.com\/hashtag\/Malware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Malware<\/a> On Non-Jailbroken <a href=\"https:\/\/twitter.com\/hashtag\/iOS?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#iOS<\/a> Devices: <a href=\"https:\/\/t.co\/n5MHIRbOn7\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/n5MHIRbOn7<\/a> <a href=\"https:\/\/t.co\/SluytGnjmJ\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/SluytGnjmJ<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/710219381712801793?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 16, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>This is both good and bad news. If criminals are able to find vulnerabilities first, they will certainly use them against users. If security experts will be the first, they will probably notify Apple and they will release a patch. <\/p>\n<p>There\u2019s a common rivalry between black hat and white hat hackers who search for vulnerabilities in operating systems, but this latest decision by Apple could have a big knock on effect for its users.<\/p>\n<h3>Why did Apple set the course for transparency and how does Android come into the picture?<\/h3>\n<p>There is a huge market for vulnerabilities. In fact, three of them \u2014 black, grey and white. Apple\u2019s isolation policy resulted in a situation where iOS vulnerabilities cost more than others as it\u2019s difficult to find them. For example, last year <a href=\"http:\/\/www.digitaltrends.com\/mobile\/zerodium-1-million-bug-bounty-claimed-news\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Zerodium paid one million dollar bounty<\/a> to researchers who found zero day vulnerability in iOS 9. Having abandoned encryption, Apple appreciably strikes vulnerability dealers: the more people look for security holes the sooner they are found and the less they cost on the market.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Apple?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Apple<\/a> vs. <a href=\"https:\/\/twitter.com\/hashtag\/FBI?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#FBI<\/a> \u2013 what\u2019s going on? <a href=\"https:\/\/t.co\/B1YokqfzSn\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/B1YokqfzSn<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/FBiOS?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#FBiOS<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/privacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#privacy<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> <a href=\"https:\/\/t.co\/6CV6Qh7NAG\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/6CV6Qh7NAG<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/702158979783335937?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 23, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>In addition, Apple gets the chance to patch holes in time. However the company has no Bug bounty program and many hackers would not share their findings with Apple \u2014 selling vulnerabilities on the black and grey markets is much more profitable.<\/p>\n<p>Apple\u2019s decision has other consequences. For many years Apple has been waging war with jailbreakers and recently it almost won. Today we don\u2019t have ready-made solutions for jailbreaking iOS 9.3.3 (the newest iOS version for now). Encryption abandonment simplifies jailbreak so we can see it released for iOS 10 rather soon.<\/p>\n<p>Unencrypted kernel also lets loose those who like to change everything. Many Apple users disapprove its strict policies \u2014 they\u2019d like to modify their operating system and install third-party apps and add-ons. They always look for a way to bypass these restrictions.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>How and why #Apple iOS is turning into #Android<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F8M6P&amp;text=+How+and+why+%23Apple+iOS+is+turning+into+%23Android+\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>All in all, the more open iOS becomes for developers, the more it resembles Android, the OS that is open from the very beginning (and for this reason experiencing security problems). And it looks like many people like this transformation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple no longer encrypts the kernel of its iOS operating system. It seems that this is another step towards turning iOS into something similar to Android.<\/p>\n","protected":false},"author":522,"featured_media":12513,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[105,14,1250,423,97],"class_list":{"0":"post-12512","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-android","9":"tag-apple","10":"tag-ios","11":"tag-mobile-devices","12":"tag-security-2"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/apple-becoming-android\/12512\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/apple-becoming-android\/7364\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/apple-becoming-android\/7387\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/apple-becoming-android\/7327\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/apple-becoming-android\/8583\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/apple-becoming-android\/8527\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/apple-becoming-android\/12399\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/apple-becoming-android\/5790\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/apple-becoming-android\/8097\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/apple-becoming-android\/11909\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/apple-becoming-android\/12399\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/apple-becoming-android\/12512\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/apple-becoming-android\/12512\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12512","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=12512"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12512\/revisions"}],"predecessor-version":[{"id":30229,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/12512\/revisions\/30229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/12513"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=12512"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=12512"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=12512"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}