INSIGHT: Is the new iPhone designed for cybersafety?

As eager customers meet the new iPhone, they’ll explore the latest installment in Apple’s decade-long drive to make sleeker and sexier phones. But to me as a scholar of cybersecurity, these revolutionary innovations have not come without compromises.

Early iPhones literally put the “smart” in the smartphone, connecting texting, internet connectivity and telephone capabilities in one intuitive device. But many of Apple’s decisions about the iPhone were driven by design – including wanting to be different or to make things simpler – rather than for practical reasons.

Many of these innovations – some starting in the very first iPhone – became standards that other device makers eventually followed. And while Apple has steadily strengthened the encryption of the data on its phones, other developments have made people less safe and secure.

The lights went out

Among Apple’s earliest design decisions was to exclude an incoming email indicator light – the little blinking LED that was common in many smartphones in 2007. LEDs could be programmed to flash differently, even using different colors to indicate whom an incoming email was from. That made it possible for people to be alerted to new messages – and decide whether to ignore them or respond – from afar.

Its absence meant that the only way for users of the iPhone to know of unread messages was by interacting with the phone’s screen – which many people now do countless times each day, in hopes of seeing a new email or other notification message. In psychology, we call this a “variable reinforcement mechanism” – when rewards are received at unpredictable intervals – which is the basis for how slot machines in Las Vegas keep someone playing.

This new distraction has complicated social interactions and makes people physically less safe, causing both distracted driving and even inattentive walking.

Email loses its head, literally

Another problem with iOS Mail is a major design flaw: It does not display full email headers – the part of each message that tells users where the email is coming from. These can be viewed on all computer-based email programs – and shortened versions are available on Android email programs.

Cybersecurity awareness trainers regularly tell users to always review header data to assess an email’s legitimacy. But this information is completely unavailable on Apple iOS Mail – meaning even if you suspect a spear-phishing email, there is really no way to detect it – which is another reason that more people fall victim to spear-phishing attacks on their phones than on their computers.

Safari gets dangerous

The iOS web browser is another casualty of iOS’s minimalism, because Apple designers removed important security indicators. For instance, all encrypted websites – where the URL displays that little lock icon next to the website’s name – possess an encryption certificate. This certificate helps verify the true identity of a webpage and can be viewed on all desktop computer browsers by simply clicking on the lock icon. It can also be viewed on the Google Chrome browser for iOS by simply tapping on the lock icon.

But there is no way to view the certificate using the iPhone’s Safari – meaning if a webpage appears suspicious, there is no way to verify its authenticity.

Everyone knows where you stand

A major iPhone innovation – building in high-quality front and back cameras and photo-sharing capabilities – has completely changed how people capture and display their memories and helped drive the rise of social media. But the iPhone’s camera captures more than just selfies.

The iPhone defaults to including in each image file metadata with the date, time and location details – latitude and longitude – where the photo was taken. Most users remain unaware that most online services include this information in posted pictures – making it possible for anyone to know exactly where the photograph someone just shared was taken. A criminal could use that information to find out when a person is not at home and burglarize the place then, as the infamous Hollywood “Bling Ring” did with social media posts.

In the 10 years since the first iPhone arrived, cyberattacks have evolved and the cybersecurity stakes are higher for individuals. The main concern used to be viruses targeting corporate networks; now the biggest problem is attackers targeting users directly using spear-phishing emails and spoofed websites.

Today, unsafe decisions are far easier to make on your phone than on your computer. And more people now use their phones for doing more things than ever before. Making phones slimmer, shinier and sexier is great. But making sure every user can make cybersafe decisions is yet to be “Designed by Apple.” Here’s hoping the next iPhone does that.

Vishwanath is an associate professor of communication at University at Buffalo.

Reader Comments ...

Next Up in Opinion

Opinion: A little too much reality in the show?

Watching the parade of porn stars, reality TV contestants and former Playboy models lining up to lambaste the president of the United States, as well as the daily trove of stories of wife beating, naked nepotism, gambling and official corruption among his Cabinet members and White House staff, I was reminded of a story Bill Buckley once told. He had...
Opinion: Trump and his team in thrall to zombie ideas

Almost four decades have passed since Daniel Patrick Moynihan famously declared, “Of a sudden, the GOP has become a party of ideas.” And his statement still holds true, with one modification: These days, Republicans are a party of zombie ideas — ideas that should have died long ago, yet still keep shambling along, eating politicians&rsquo...
Commentary: Why Austin should take Dale Watson’s exit seriously
Commentary: Why Austin should take Dale Watson’s exit seriously

There’s a conversation in Austin that’s as predictable as starting the day with breakfast tacos and it revolves around the question that’s on a lot of people’s minds: Is our Austin dying? From Pinballz to Luis’ Corner Barber Shop and Yoga Vida to the patio over at LaLa’s, we love talking about what Austin is evolving...
Letters to the editor: March 25, 2018
Letters to the editor: March 25, 2018

Truly we all feel the Austin Police Department did an outstanding job of apprehending the bomber that terrified the city. As many other law enforcement agencies assisted in this process, the Austin police served as the base to create the successful outcome. The mayor and City Council can now come to terms to provide a mutually agreed upon contract...
Herman: Napkin folding, hand kissing and other diplomatic intricacies
Herman: Napkin folding, hand kissing and other diplomatic intricacies

Our president recently tweeted this at us: “Mike Pompeo, Director of the CIA, will become our new Secretary of State. He will do a fantastic job!” Exciting. The guy in charge of getting dirt on other countries will become the guy in charge of getting along with other countries. What could possibly go wrong? The change means Secretary of...
More Stories