Skip to Main Content

Nothing New in Apple's iOS Security Guide

Apple quietly published a security guide for iOS with rather user-friendly, if generic, information for IT professionals.

By PCMag Staff
June 4, 2012

Years after iPhones and iPads entered the workplace, Apple has quietly published a security guide for iOS with rather user-friendly, if generic, information for IT professionals.

To security researchers, the 20-page whitepaper reveals nothing new. Instead it conveniently brings together years' worth of information first revealed by the iOS jailbreaking community. 

The guide vaguely documents the "industry-standard" security measures Apple has taken across the OS, from its system architecture to device access tools, to software like Safari and Mail. For instance iOS uses stringent Wi-Fi protocols such as WPA2 Enterprise (128-bit AES encryption), and leverages certificates for auntheticated, encrypted email. 

By default, Apple already enables most of these security features ("so IT departments don’t need to perform extensive configurations," the paper notes), like device encryption, but the guide finally explains what Apple has configured to be enabled. 

There are other IT-friendly tidbits in here too. For instance IT professionals can see a list of available admin-level restrictions, such as blocking app downloads, Siri, multiplayer gaming, etc.

The "Consumerization" of IT Professionals?
Now that almost every IT professional is under pressure to support iOS devices, this guide is a helpful, if incredibly belated, step aimed to make enterprise adoption of iOS devices as simple as possible. Apple published a similar guide for developers awhile ago, to alleviate security and privacy fears. 

Kurt Stammberger, VP of market development at enterprise-level mobile security provider Mocana said Apple has traditionally "played coy on how iOS security really worked," making it difficult for IT professionals to decide whether or not to trust it. 

"We see Apple's iOS security whitepaper is something of an olive branch to Enterprise IT and CSOs everywhere, [and] hopefully a sign of more to come," he said. "It's a step in the right direction for Apple to present such a comprehensive view of the overall iOS security architecture, and make it public."

But from a "device geek's" standpoint, there were no surprises within, he said.