EvernoteExport

IOSApplicationSecurityPart 6- NewSecurityFeaturesinIOS7.html[25.05.201418:00:58]
This article will be a small deviation fromthe other parts in this series. In this articles, we will discuss about the latest security features introduced in
IOS 7.
Getting IOS 7.
To get IOS 7 beta, you have to be a registered apple developer. Go to http://developer.apple.com, log in with your registered Apple ID, and go to
this url. Then click on the IOS 7 SDK tab on the top and click on Downloads. You can then download the latest build of IOS 7 beta.
Here are some of the new security features introduced with IOS 7.
Activation Lock
Previously, if some user had lost their iPhone, they could use the Find my Iphoneapp to track down their phone using GPS. But there was one
very big flaw with this whole process. Even a not so aware thief could perfoma factory reset of the device and that would just erase all contents
and settings on he device. However, now with the activation lock feature, the thief would need to know the password for the Apple Id of the user in
order to performa factory reset.
To Check this feature Go To Set t i ngs , then Gener al , then scroll to the bottomand you will see a Reset button.
IOS Application Security Part 6 - New Security Features in IOS 7
Source: http://highaltitudehacks.com/2013/07/25/ios-application-security-part-6-new-security-features-in-ios-7/
IOS Application Security Part 6 - New Security Features in IOS 7
J ul 25th, 2013
Posed by Prateek .
EvernoteExport
IOSApplicationSecurityPart 6- NewSecurityFeaturesinIOS7.html[25.05.201418:00:58]
If you tap on this button and then tap on Er ase Al l Cont ent s and Set t i ngs , you will see a popup which asks for your Apple Id password.
EvernoteExport
IOSApplicationSecurityPart 6- NewSecurityFeaturesinIOS7.html[25.05.201418:00:58]
This is a very handy feature and prevents the thief fromresetting your iPhones settings and data. But we can be sure thats its just a matter of time
before someone finds a workaround for it after this is released to the public. You will get the same popup when you to go your iCloud Settings and
try to turn off Fi nd My i Phone .
EvernoteExport
IOSApplicationSecurityPart 6- NewSecurityFeaturesinIOS7.html[25.05.201418:00:58]
As you can see, we get an alert asking for the Apple Id password.
EvernoteExport
IOSApplicationSecurityPart 6- NewSecurityFeaturesinIOS7.html[25.05.201418:00:58]
Encrypted data transfer with Airdrop
Airdrop lets you share files with anyone around you with just a tap. Airdrop was introduced for IOS with IOS 7. The good thing about this is that the
files are encrypted. By default, this service only lets you be visible to only your contacts. But you can change this setting as well.
EvernoteExport
IOSApplicationSecurityPart 6- NewSecurityFeaturesinIOS7.html[25.05.201418:00:58]
Third-party app data protection.
Data protection is a feature for those devices that support hardware encryption, which means it supports devices fromIphone 3Gs and so on.
According to Apple
Dat a pr ot ect i on enhances t he bui l t - i n har dwar e encr ypt i on by pr ot ect i ng t he har dwar e encr ypt i on keys wi t h your passcode. Thi s pr ovi des an addi t i onal l ayer of pr ot ect i on f or your emai l messages and at t achment s. Thi r d- par t y appl i cat i ons can use t he dat a pr ot ect i on API s i n i OS 4 and l at er t o f ur t her pr ot ect appl i cat i on dat a.
Uptil IOS 6, if you go to Set t i ngs - > Gener al - > Passcode and choose a passcode, you will see at the bottomthat there is a text saying
Dat a Pr ot ect i on i s Enabl ed . This meant that data protection was enabled for the default Apple apps that come with IOS 6.
EvernoteExport
IOSApplicationSecurityPart 6- NewSecurityFeaturesinIOS7.html[25.05.201418:00:58]
Previously, the developers had to use the Data protection API to make the data in their apps secure. Now, with IOS 7, all the third-party apps have
data protection enabled automatically, which means that the information contained within themis secure until the user unlocks the device. As we
know, by default, Apple allows for a 4 digit passcode that can easily be bruteforced. Hence it is advisable to use better passcodes for enhanced
security.
Security Improvements in GameCenter
If you play games regularly on IOS and regularly use Game Center to challenge friends for a game or just check out some scores, you might have
noticed some exceptionally high scores for some particular games. Usually, these are not legitimate scores but are scores that have been
tampered with.Hackers exploit vulnerabilities in the api or sometimes modify variables in the app during runtime to create such high scores. With
IOS 7, Apple has now allowed developers to make sure such tampering with the scores doesnt happen. Now, developers can set a maximum
score for every game. This way, the people with unusually high scores will not show up in the leaderboard but will still be saved on the server. The
developers can later allow these unusually high scores to show up if they want. Apple has also added some tools for developers to spy on any
suspicious activity by a user, and in such a case, block that user. Apple is also integrating signed submissions into Game Center which means that
Apple can reject scores that it believes have been tampered with. It isnt sure how they do it though.
iCloud Keychain
Most of us might have used the Safari AutoFill feature. With IOS 7, Safari now remembers much more information like username, password, credit
card numbers etc and saves it in the keychain. It then automatically fills that info whenever a user visits a website. All this information is encrypted
using 256-bit AES encryption. This keychain can also be synced via iCloud. Also, creating a new password for every new site that you sign in for
may be a bit irritating and also tough to remember. Safari comes with a built in password generator that creates a unique password for every site
that you sign in and then remembers it so you dont have to remember it yourself.
Per App VPN
Sometimes, users want to access confidential information over a secure channel, and hence they use a VPN. With IOS 7, Apple allows users to
use different VPNs for every app. This is really useful when you want to access your office related information through a VPN provided by your
office but for other apps, you are better off using another VPN. This feature will also be useful for government employees who want to acccess
confidential data through their mobile apps.
If you are an IOS developer and want to learn about the new things introduced with IOS 7, you can check out the WWDC 2013 videos here
https://developer.apple.com/wwdc/videos/
References:
Apple sticks it to cheaters with Game Center on iOS 7
http://www.idownloadblog.com/2013/06/15/ios7-game-center-dev-tools/