Apple Inc. Left iOS 10 Core Code Unencrypted To Streamline Software, Not Improve Security

With iOS 10, Apple took the unexpected — and unprecedented — move of leaving the core code of its mobile operating system unencrypted. The exact reason remains a mystery, but a source with knowledge of Apple's plans confirmed it was not an attempt to improve the security of Apple's software.

The source, who is familiar with Apple's motivation, told International Business Times the decision to leave the kernel cache unencrypted concerned “simplifying the OS without adversely affecting security,” and not a bid to help improve the security of the software as some had speculated.

Apple revealed iOS 10 at its annual developer conference this month, launching a preview version of the software for developers the same day. Following the high-profile battle between Apple and the FBI over unlocking an iPhone used by a shooter in December's San Bernardino, California, terrorist attack, any new security measures in the software were always going to attract a lot of attention.

When security experts examined the code, they found something they had never seen before — the kernel cache of iOS was unencrypted.

The kernel is the part of the operating system that controls how apps are allowed to use the device's hardware, as well as enforcing security. This part of iOS has always been encrypted previously, forcing researchers and hackers to find ways around it in order to find flaws with the system.

Apple failed to mention or address this change at its WWDC conference last week, meaning some speculated that the change was either a huge mistake on the part of one of Apple's engineers or a security measure to help researchers more easily find flaws with the software.

The reality is that Apple was simply taking advantage of the fact that because there is no personal or user information stored here (it contains kernel, device driver and configuration files) Apple decided it was easier and more efficient to leave it unencrypted.

“Unencrypting the kernel cache was not a move related to security, since most media seem to believe/speculate that's the impetus behind this,” the source said.