After concluding its WWDC conference earlier this month, Apple released a preview of iOS 10 for developers to have a crack at it and see what’s new. Unlike previous versions of the platform, it included a big surprise: an unencrypted kernel.
The kernel is the core of the operating system; it controls how apps can use a device’s hardware components and enforces security protocols.
Leaving it unsecured doesn’t mean that iOS 10 would automatically make devices running it prone to attacks, but it does make it easier for people to discover ways around the kernel so they can hijack its operations and compromise devices.
This was initially believed to be a glaring error on Apple’s part. But the company has now issued a statement saying that the move was intentional:
By unencrypting it we’re able to optimize the operating system’s performance without compromising security.
Apple didn’t specify how this would improve performance, but there’s a clear benefit to leaving the kernel unencrypted: iOS fans can poke around, discover and report bugs to the company before the latest version hits prime-time and reaches millions of devices.
The MIT Technology Review notes that this approach could help close more security loopholes in Apple’s software and make it more difficult for government agencies to gain unauthorized access to the company’s devices, as they did in the case of the iPhone belonging to the San Bernardino shooter.
However, Apple would do well to incentivize developers to report bugs by launching a bounty program and offering rewards. Rivals like Google and Microsoft already have such initiatives in place. It’s about time Apple got in on the game too.