Apple Is Making iOS Dangerous to Use (Op-Ed)

Apple clearly hates the iOS lockscreen, judging by the lockscreen bypasses the company introduced today (June 13) at this year's World Wide Developers Conference in San Francisco. Yet the audience applause for each new feature masked a very distressing fact: If you use the iOS 10 default settings on your iPhone, you may be making yourself much less safe.

Perhaps the scariest new feature is Scenes, an evolution to Apple's HomeKit smart-home platform. A new Home iOS app will let you control all sorts of devices, including door locks, straight from an iPhone — without requiring you to type in a passcode.

"Scenes can unlock your front door from your lockscreen," Apple software-development head Craig Federighi said on the WWDC stage in San Francisco, as if that was a great thing.

It's not a great thing. Nor is a new geolocating feature that automatically opens your garage door when your pull into your driveway. Now the guy who steals your iPhone can go to your house and walk right in.

MORE: Best Mac Antivirus Software


But, you'll argue, if my iPhone is stolen, I'll quickly disable the device through iCloud. Maybe, if you even realize the phone has been stolen. Or if you're still conscious, and not lying in a dark alley.

Consider this: Your iPhone is now your front door key and your smart-home hub. Who controls it can access your home and everything in it — possessions, pets, family.

What else will you be able to do from the lockscreen? You can interact with Siri, of course, and Siri will have additional powers. It can display your calendar on the lockscreen, revealing what you're up to to anyone who picks up your phone.

Siri will also help you make payments, either in person or online, using Apple Pay. It wasn't clear from the presentation whether you'd actually have to enter a passcode to transfer money, but imagine the fun that could be had if you don't.

Another app, iMessages, has had a better security track record than Siri. But it, too, is being opened up to third-party developers so that iMessage users can add "stickers," animations, funny faces and emojis. Lots of emojis.

It's nice to see that the WWDC presenters were a lot more excited about emojis than they were about user security. We suppose someone will make a Mickey Mouse sticker app that copies your iMessages and sends them to China.

Federighi pointed out that Apple was leading the way and doing "super important work" in a field called "differential privacy," a concept we'd never heard before. (Check out the Wikipedia page.) But Federighi didn't explain what it was, or why it's important, making his presentation of the topic sound like an especially vapid TED talk.

"Most people go from theory to practice, then to widespread deployment," tweeted encryption expert Matthew Green. "With Differential Privacy, it seems Apple cut out the middle step."

Apple released the following statement to Gizmodo on differential privacy, although it's still pretty vague how it actually works:

Starting with iOS 10, Apple is using Differential Privacy technology to help discover the usage patterns of a large number of users without compromising individual privacy. To obscure an individual’s identity, Differential Privacy adds mathematical noise to a small sample of the individual’s usage pattern. As more people share the same pattern, general patterns begin to emerge, which can inform and enhance the user experience. In iOS 10, this technology will help improve QuickType and emoji suggestions, Spotlight deep link suggestions and Lookup Hints in Notes.

Maybe Federighi should have gotten a little less big-picture and explained how Apple will secure its new Universal Clipboard feature, which will let users copy and paste data and files back and forth among iOS and OS X — sorry, macOS — devices. It's like AirDrop on steroids. We can't wait for some joker in a Starbucks to start modifying files on other people's Macs.

"Apple announces cross-device copy and paste buffer (“universal clipboard”). What could go wrong?" tweeted privacy expert Ashkan Soltani during the WWDC keynote.

Again, without iOS 10 in my hands, we're not sure how many of these new features can be reached from the iOS lockscreen. But we suspect it will be a lot. All this makes us wonder why the iOS lockscreen even exists.

Create a new thread in the iPhone forum about this subject
This thread is closed for comments
1 comment
    Your comment
  • DannBerg
    I agree with this. At this point in time, we have no idea how security will work w/r/t these new lock screen features. Apple should have at least thrown in a sentence in its keynote saying even something as simple as "There are ways to utilize these new features while still keeping your home secure." It would have taken five extra seconds, and satisfied these security concerns at least until iOS 10 is released.
    0