Apple recently launched the beta version of iOS 10, and the new OS's unencrypted kernel raised some questions in the techie community.
The lax security of the kernel is either a blatant error or a bold move signaling a shift in strategy for Apple.
Security researchers at MIT Technology Review point out that the distribution of an unlocked kernel is a premiere for the company, which used to guard its OS core fiercely in the past. One strong reason why an OEM would want its kernel to be inaccessible is to ensure its protection from reverse engineering.
The kernel in iOS is crucial to system management, as it dabbles into every aspect of runtime operations. This means that everything from booting up the device to complex-app execution needs some input from the core of the operating system.
The iOS kernel permits third-party apps to access the hardware assets of the handset, and regulates how many resources are allocated to each app. By letting beta testers get their hands on the unencrypted version, Apple is virtually allowing hackers and security researchers to closely scrutinize its OS.
Experts familiar with the matter point out that such an oversight would be too much for a big company, which makes room for another explanation for Apple's decision. The company probably shipped the unencrypted beta version to expand its debugging strategy.
"This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator," says Jonathan Zdziarski, a reputed iOS security expert.
Having the iOS in more hands means that bugs and errors have a bigger chance to be spotted and fixed before the iOS 10 final version goes live.
According to researcher Mathew Solnik, the beta does have a layer of security that makes sure that Apple's kernel cannot be modified.
The decision from the company to make its kernel tech transparent might be related to the recent legal horn locking between Apple and the FBI concerning data privacy.
As a reminder, the FBI was very determined to get access to an iPhone 5c linked to last year's San Bernardino terror attack. If it granted the request, Apple should have given the U.S. government a backdoor to its own security safeguards. Apple even received and resisted a court order that made it mandatory for the company to unlock the iPhone 5c in question. However, Apple's army of lawyers managed to build a legal defensive that slowed down the legal process until the issue was rendered moot.
The legal proceedings were dropped as the FBI managed to use a zero-day exploit to bypass the handset's lock protection. The bypass came via a third party, whose identity the authorities did not disclose. Rumors hinted that a security venture from one of the U.S.'s strategic partners might have been involved.
Zdziarski points out that the open iOS kernel could be a strategy from the company to slow down the iOS exploit market, a sector that gets its momentum mainly from requests coming from law enforcement agencies.
Check out our coverage of iOS 10 to see what you should expect from Apple's next mobile operating system.