Following this week’s discovery that the kernel – the core – of the preview version of iOS 10 is unencrypted, Apple has now confirmed to TechCrunch that it was left so intentionally.
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson explained. Previous iOS versions have concealed the kernel code from the view of developers and researchers.
Though the kernel enforces security and limits how apps can access the iPhone or iPad hardware, Apple’s decision to do away with encryption for the kernel does not leave iOS 10 any less secure. Instead, it simply allows developers and researchers to more easily find security flaws in the code.
While it had previously been speculated that leaving the kernel unencrypted could have been unintentional on Apple’s part, iOS security expert Jonathan Zdziarski told the MIT Technology Review that this “would have been an incredibly glaring oversight, like forgetting to put doors on an elevator”.
Apple’s move could help it to more quickly learn of and patch security holes in iOS, like the one used by the FBI to hack into the iPhone 5C of a terrorist involved in last year’s San Bernardino shootings.
