September 15, 2009

Apple's Cynical Approach

It turns out that for a long time now Apple iPhones have been lying to Exchange Server mail hosts, telling the mail servers that on-device encryption is supported. It now transpires that only the recently-added 3G S model supports encryption through hardware, and this came to light when a recent upgrade made the phones tell the truth.

The unfortunate consequence for any business that has standardized on iPhones for remote mail access is that if they have required on-device encryption the iPhone has been breaking their security guidelines since it was installed. According to Apple their only alternatives are to change their security policies to allow iPhones to store plain text emails or upgrade everyone to the new 3G S device.

What a crock. Not only that, the iPhone users apparently had to wait until after they'd been upgraded to even learn that this issue existed. I am so glad I'm not a corporate Apple user.


Carl Trachte said...

I didn't know there were that many corporate iPhone customers. Blackberry seems to be the corporate standard.

The whole purpose of an iPhone is to be cool and fashionable and with it, not necessarily secure. Or did I miss something?

I know Apple has great security people working for them (read Ivan K. of former OLPC fame), but I doubt the iPhone is their focus.

Carl T.

PS - as always, I could be misinformed or just plain full of it. CBT

Hugo Wetterberg said...

Well, I'm so glad that I'm not a corporate user, period.