Linked by Thom Holwerda on Wed 23rd Jul 2014 07:40 UTC
Apple

Update: Zdziarski put up a more detailed response.

Apple responded to the backdoor story.

Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.

Zdziarski, the author of the article that started this all, is not impressed.

I don’t buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it?

Apple response doesn't actually deny or contradict anything Zdziarski stated, so in the end, it all comes down to trust. Apple claims they only use these tools for "diagnostics" (which is a stretch considering the extensive and pervasive nature of the data they expose, but alas), and it's up to us to decide whether we trust them or not. If you still trust Apple - or Google, or Microsoft, or any other major technology company, for that matter - at this point, then I admire your child-like innocence.

Permalink for comment 593004
To read all comments associated with this story, please click here.
someone
Member since:
2006-01-12

But the end user should get a switch to turn on/off all those debugging and diagnostic services (also they should be off by default), especially since they can be accessed through WiFi. Also, Apple has failed to provide a way for end users to remove previous pairing records.

Edited 2014-07-23 21:51 UTC

Reply Parent Score: 4