NEWS ANALYSIS: As the rhetoric and the legal motions in the Apple vs. FBI flap heat up, new numbers emerge on the actual status and use of encryption protection
Since Feb. 16, the very public dispute between Apple and the FBI has raged, with the use of encryption on mobile devices at the center of the argument. The FBI wants Apple’s assistance to help circumvent the passcode lockout on an iPhone 5C used by one of the suspects in a Dec. 2, 2015 mass shooting that killed 14 people and wounded 22 others in San Bernardino, Calif. Apple is steadfastly refusing the government’s requests.
While the FBI has argued it is looking for help to unlock a single user device, Apple has argued that the impact is significantly wider, exposing all iOS users to risk and endangering the constitutional rights of users.
But what is the risk? How many iOS users actually employ Apple’s security features that the FBI now wants to circumvent?
As it turns out, quite a lot. New data from Duo Security implies that the vast majority of current iOS users benefit from Apple’s encryption technologies today. Duo Security is a cloud-based secure access provider and pulls its data from approximately 2 million phones it helps to manage.
First the good news. For Apple iOS users, 93 percent use a passcode for locking their screens.
Going a step further, 48 percent of iOS devices surveyed by Duo Security are running iOS 9.2 with both a passcode as well as Apple’s Touch ID biometric authentication technology.
On the not-so-good news side, 50 percent of iOS devices are running iOS 9.1 or below and don’t enable both a passcode as well as Touch ID. Only 2 percent of devices are running an even older iteration of Apple’s mobile operating system below iOS 8, without either a passcode or Touch ID.
The widespread use of Apple devices running iOS 8.0 or higher is good news for privacy, according to Duo, as it means that Apple is not able to decrypt data on demand for those devices, thanks to improvements made in current iOS releases.
While Apple customers are largely making use of security features in iOS, the story is somewhat different when it comes to Google Android devices that Duo Security surveyed. The majority of those on Android aren’t using a passcode to lock their screens, without which anyone can simply access a device.
“It’s an interesting comparison to note that over 90 percent of users on iOS have the basic protection of a screen-lock passcode, and only one-third of users on Android do the same,” Mike Hanley, head of research and development at Duo Security, told eWEEK. “While it’s only one of many security features on both platforms, the dramatic difference in adoption at least suggests Apple is doing a better job of enrolling users in these features out of the box and encouraging safe and secure usage of their devices without requiring users to understand the inner workings or every possible threat to their device.”
Originally published on eWeek.
Are you a security pro? Try our quiz!