iOS 8 isn't all that spy proof

Last night, Apple unveiled an overhauled privacy section to its website along with a personal message from Apple CEO Tim Cook reaffirming the company’s “commitment to your privacy.” In the note Cook says “Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

It’s big news for a company of Apple’s size and importance, after a few high profile weeks of criticsm for lax security policies which may have contributed to a few individual celebrity iCloud breaches. But today’s news has led plenty to reason that iOS 8 users would now be largely insulated from the reach of government surveillance arms like the NSA.

But security researchers caution that, while the move is an important, perhaps even landmark step, users shouldn’t be lulled into a false sense of security by Apple’s new policies.

“It’s not like Apple was rolling over before with law enforcement but calling something NSA -proof is a bit absurd,” Sophos Senior Security Advisor Chet Wisniewski told BuzzFeed News. “I mean, what do you consider NSA proof? Well maybe they can’t access information on the phone but that doesn’t stop them from asking carriers. If your communications are carried across the global internet, then chances are a government agency with power and authority to access your data can access what they need.”

NSA or not, privacy advocates are more than pleased with Apple’s commitment. “This may be the most important pro-privacy change made by a big tech company since the Snowden disclosures fifteen months ago,” Freedom of the Press Foundation Executive Director Trevor Timm said.

“The best way to keep governments from demanding for users’ data is to not have access to it in the first place. Apple has laid down the marker for other tech companies, who hopefully will respond in kind.”

And it seems Google has, with the Washington Post reporting that the next iteration of Android’s operating system will include default encryption for the first time.

Though Timm sees this as an important step forward he admits there’s some confusion as to whether areas like iCloud are protected. “It’s unclear how many users this will affect in practice because many of which have iCloud backups turned on, and Apple did not say these changes apply to the cloud as well.”

Wisniewski, who also lauded Apple for the move says that the best way to ensure complete privacy would be to check and monitor privacy settings on the new operating system. For example, in “Settings” on iOS 8, users can limit apps from tracking your location while they run in the background. You can also turn off location tracking for ads or location sharing information with your friends and contacts, all of which decrease the odds that your private information gets in the wrong hands. Accessing “Settings > Privacy” will also allow you to toggle which apps can uploading your personal data.

“Arguably you can live the most private life of anyone with a smartphone if you turn off location, don’t use iCloud, turn off calendar sharing, and don’t use foursquare or twitter,” Wisniewski says. That said, Apple security, Wisniewski notes, has thwarted governments before. “I work with law enforcement quite a lot and spoken to many in the field and they’ve expressed frustration about breaking into Apple devices as opposed to Android because its quite hard.”

Ultimately, the news is positive for most law-abiding iOS 8 users, though Wisniewski has a word of tongue-in-cheek advice for those who may view the government as an adversary:

“If you literally think government spies have asked to look at your communications at any point in time, well, then I would suggest you avoid technology entirely,” he said.