"Siri scares the hell out of me, to be honest," says Paul Henry, security and forensic analyst at Lumension, adding that Apple has provided no explanation about what it's mining the Siri data for, if anything. He points out Apple has incited privacy and security concerns before, when it was recognized that Apple was sending location data back to Apple, purportedly to use for targeted ads.
Apple is going to find it hard to win the confidence of the enterprise security manager without addressing Siri, Henry says. Google and Microsoft, as well as VMware, have all been better than Apple in disclosures related to security in their products. But Apple, which is consumer-focused, hasn't yet reached the level of response that IT security managers traditionally expect, he notes.
But Henry also notes that Apple shows definite signs of change in wanting to be more responsive about security in order to have its Apple iOS smartphones and tablets adopted in the enterprise and government sectors where strict security and detailed technical understanding may be demanded.
For one thing, Apple quietly in the last week or so released "iOS Security, May 2012" that for the first time puts into a simple document an explanation about security in iOS devices, says Henry. He notes it's not as though no one knew anything about them at all before, with the research community probing Apple mobile devices for years, but the new document represents Apple's attempt to finally formally explain to the enterprise what's going on under the covers.
The Apple "iOS Security, May 2012" document is a simple technical explanation of how file-data protection, encryption, passcode system, certificate-signing process, secure boot chain, VPN use, network security, Wi-Fi and device access are all intended to function securely. Many are certain to want to hear more.