The PhoneBoy Blog

What’s With The Encryption in the iPhone 3GS?

03 Jul 2009

To the right, you can see the small blurb that exists on Apple’s website about the built-in encryption feature on the iPhone 3GS. Wanting to find out more, I of course tried searching Apple’s website. There’s not much about it other than it’s there.

I asked some iPhone developers about this feature. In short, there isn’t much to the feature. It is transparent, always happening, and not controllable by any APIs. It can’t be turned off, it can’t be turned on. It’s always happening, always there.

On one hand, I like the simplicity and transparency of the feature. I like that it is not possible to programatically affect the encryption in any way. However, it bothers me that there isn’t a lot of details about the encryption on the website. What kind of encryption is being done? How long is the encryption key? How often is the encryption key changed? What is being done to protect the encryption key from being read either programatically or by hardware hacking methods? Does the “remote wipe” function simply cause the encryption key to be forgotten, rending the device memory complete gibberish? Is the remote wipe function controllable from ActiveSync?

Answers to these kinds of questions would undoubtedly make it easier for the iPhone 3GS to be accepted into enterprise environments. They could know, with a fair degree of certainty, that these devices have secure, encrypted storage that isn’t subject to being decrypted and read in an authorized manner.

Related articles by Zemanta

• Inside iPhone 3.0: Fix too-strict passcode lock settings for Exchange users (tuaw.com)
• Does Apple Want iPhone 3GS Buyers to Go Blind or Die of Boredom? [Blockquote] (i.gizmodo.com)
• iPhone Devs, start talking back to Apple! The Unofficial iPhone SDK Feedback Project is here. (thenextweb.com)
• iPhone OS 3.0 adopts some BlackBerry-like security (macworld.com)
• Emoji for iChat adds… emoji to iChat (tuaw.com)