Craig Federighi, Apple senior vice president of software engineering, talks about Messages in iOS10 at the Apple Worldwide Developers Conference in the Bill Graham Civic Auditorium in San Francisco, Monday, June 13, 2016. (AP Photo/Tony Avelar)
Tony Avelar — AP
By Don Reisinger
June 23, 2016

Apple might have worried some users when it was revealed the company unencrypted the kernel in iOS 10. But it turns out it was all part of its plan.

In a statement to Fortune, an Apple spokesperson confirmed earlier reports that the kernel, or the central component that manages important tasks between software and hardware, in iOS 10 has been unencrypted. The company’s spokesman said that Apple (AAPL) made the move “to optimize the operating system’s performance without compromising security.” He added the “kernel cache does contain any user information.”

Earlier this week, it was discovered that iOS 10, which was announced at the Worldwide Developers Conference (WWDC) earlier this month and opened to developers thereafter, had an unencrypted kernel. Previously, Apple encrypted the kernel, which is a central component in an operating system that ensures apps and hardware can properly work together. It’s long been viewed by some in the security community that hiding the kernel from easy access improves security and makes it harder for would-be hackers to find bugs and exploit them.

Get Data Sheet, Fortune’s technology newsletter

However, as the number of hacks on all sorts of mobile devices increases, opening code to a community of knowledgeable people isn’t necessarily a bad thing. In fact, major organizations, including the Defense Department, have offered so-called “bug bounty programs” that solicit hackers to actively target their systems to find security holes. They then pay those hackers for finding the glitches and patch them before they can be exploited by a malicious hacker.

While Apple said in its statement that unencrypting the iOS 10 kernel—something it hadn’t done in previous iOS versions—would enhance the operating system’s performance, it might actually be a way to improve its operating system’s security. As security researchers who spoke to MIT Technology Review noted, opening the code helps security researchers dig deeper into the operating system and find bugs and other security flaws that they might have otherwise not discovered. It also allows them to report the issues to Apple long before iOS 10 launches in the fall.

So, Apple might actually have a point that its unencrypting won’t compromise security. In fact, it could enhance its operating system’s security.

It’s possible that in the ensuing months, security researchers who now have more access to iOS than ever before will actively search for problems. It’s also possible that while they might find some issues and report them publicly, Apple will quickly patch those bugs to ensure they don’t impact users. It’s no different than a bug bounty program; Apple could be seeking the security community’s help in unearthing problems in its kernel code and addressing them.

For more on iPhone, watch:

Of course, this is a decidedly un-Apple-like move, considering the company has long maintained strict control over its mobile operating system. But it could very well be a smart move that helps keep iOS users safe in a world where an increasing number of malicious hackers are targeting mobile (including iOS) users.

Update 06/23/16 at 12:36 p.m. with Apple’s statement.


You May Like