In most ways, iOS is no more "secure by design" than most other operating systems, and yet, as a practical matter, real-world security problems have been slight. Apple has gotten away with doing far less than it might have, in no small part because third-party security vendors filled in the gaps.
The deficiencies in Apple's security management spawned the Mobile Device Management (MDM) and Mobile Application Management (MAM) industries. It is in these areas, which let IT manage and control how mobile devices are used, that iOS 7's strongest improvements lie.
There are features with broader appeal, such as Touch ID, the first usable biometrics in a phone, and remote lock, which protects lost and stolen phones. And there are other important improvements that are even more obscure than the MDM ones.
In the pages that follow I describe seven improvements that make iOS 7 a much more secure operating system in an enterprise setting than iOS 6.
If your phone is lost or stolen, Find My iPhone lets you locate or wipe it. iOS 7 improves the feature greatly with Lost Mode, which lets the owner display a message on the phone and blocks all other use. Even if the phone is wiped, iOS 7's Activation Lock still prevents anyone from setting it up again until the registered owner signs in to the iCloud account that was on the device.
This is the one everyone knows about. For the most part, the same rationale for this feature applies to both business and consumer use. Nobody wants their phone lost or stolen. If it's lost they want it to be easy for someone to return it. If it's stolen they want the data protected from access and the phone to be useless to the thieves.
It's because of this feature and similar ones from Microsoft and Google that I think the incentive for phone theft will diminish a great deal in the next few years.
If IT wants to, it can manage the Find My iPhone setting through the new MDM interfaces (more about those just ahead), including putting the device in "lost" mode. But before the setting can be managed, the phone's user (specifically, someone holding the phone's iCloud credentials) will first need to disable it.
Remote wipe still works on a remotely locked device, but the phone stays activation-locked after the wipe: whoever sets it up again must still enter the iCloud credentials of the account that locked it.
Mobile Device Management (MDM) was invented by BlackBerry, but the MDM business was created by Apple when they ripped off the BlackBerry API and opened it up to outside management systems. Now there are scores of companies selling mobile management and some, like MobileIron, AirWatch and Good Technology, are quite large.
But Apple's MDM API was quite limited (until just recently). These third parties came in and devised new techniques to manage applications and costs and to provide more precise device management. These techniques have come to be known as Mobile Application Management (MAM) and Enterprise Mobility Management (EMM).
Now, in iOS 7, Apple has vastly expanded the management capabilities of iOS. Some examples: IT can prevent a user from changing or removing accounts on the device. IT can control which devices a managed iOS 7 device can pair with over Bluetooth. IT can control user changes to device settings like wallpaper, can disable the personal hotspot, can query the device to see whether various settings are in effect, and can force ad tracking to be limited. An enterprise can even specify MDM enrollment at the time of purchase. Some other capabilities deserve specific treatment, which I provide in the pages to come.
It's not clear that the established MDM companies are seriously threatened by Apple bundling these features. Few large customers are going to mandate iOS-only clients, the independent companies also support Android and Windows Phone, and many of them can claim far better features. But a strong security baseline is always a good thing for the installed base as a whole.
Every new version of iOS fixes security problems in the previous one, but iOS 7 does more of this than usual. As I wrote about separately, iOS 7 patches 80 vulnerabilities in iOS 6. This alone puts heavy pressure on users and IT to upgrade, as Apple is not going to patch iOS 6.
Every new version of iOS also usually casts some older device into the "unsupported" bin. The iPhone 3GS and the first-generation iPad can't upgrade to iOS 7 and therefore will remain vulnerable.
Two specific vulnerabilities demonstrate the severity of the situation: CVE-2013-1025 is a buffer overflow in iOS CoreGraphics that lets an attacker take control of the process with a malicious PDF, but only within the browser's sandbox. CVE-2013-3953 is a privilege-escalation vulnerability that lets a malicious program break out of the sandbox. Chained together, CVE-2013-1025 and CVE-2013-3953 can lead to full control of the device just by viewing a web site. This, incidentally, is exactly what the famous JailbreakMe did: it combined a code-execution vulnerability with a privilege-escalation vulnerability to achieve a complete compromise through ordinary web browsing.
Yes, both CVE-2013-1025 and CVE-2013-3953 are now patched, but they show that these things happen on iOS.
When a user taps "Share" to pick an app in which a document should open, several things can go wrong: "Open In" copies the document into the receiving app's own sandbox, and that app may be a personal one that IT does not control, cannot vet and cannot wipe.
In iOS 7, through the MDM interfaces, IT can specify which apps are allowed to handle documents and specific content types, potentially limiting that access to managed apps. Apple calls this "Managed Open-In."
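The restrictions described above, Managed Open-In included, are delivered to the device as a configuration profile (a `.mobileconfig` property list) that an MDM server signs and pushes. The following is an added example, not code from the article or from Apple, that builds such a profile in Python and checks whether it actually locks down Open-In. The restriction key names are the iOS 7 additions to the `com.apple.applicationaccess` payload as I recall them from Apple's Configuration Profile Reference, and should be verified against the current reference; the identifiers, organization name and UUIDs are made-up placeholders.

```python
"""Build an iOS 7 restrictions profile and verify its Managed Open-In settings.

Added example; the payload keys follow Apple's Configuration Profile Reference
as I recall it (verify against the current reference). Identifiers and the
organization name are placeholders.
"""
import plistlib
import uuid

# Restriction keys added in iOS 7. Keys marked "supervised" only take effect
# on supervised devices; a missing key means the permissive default.
LOCKED_DOWN = {
    "allowOpenFromManagedToUnmanaged": False,  # corporate documents stay in managed apps
    "allowOpenFromUnmanagedToManaged": False,  # personal documents stay out of managed apps
    "allowAccountModification": False,         # supervised: no adding/removing accounts
    "allowHostPairing": False,                 # supervised: no pairing with unknown computers
    "forceLimitAdTracking": True,              # Limit Ad Tracking forced on
    "allowFingerprintForUnlock": True,         # Touch ID may be used for unlock
}

# How a freshly activated device behaves: everything permitted, nothing forced.
PERMISSIVE = {
    "allowOpenFromManagedToUnmanaged": True,
    "allowOpenFromUnmanagedToManaged": True,
    "allowAccountModification": True,
    "allowHostPairing": True,
    "forceLimitAdTracking": False,
    "allowFingerprintForUnlock": True,
}


def build_profile(restrictions, org="Example Corp"):
    """Return the XML plist bytes of a profile carrying one restrictions payload."""
    payload = {
        "PayloadType": "com.apple.applicationaccess",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.restrictions.applicationaccess",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Restrictions",
        **restrictions,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.restrictions",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"{org} iOS 7 restrictions",
        "PayloadOrganization": org,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def check_open_in(profile_bytes):
    """Return (managed_to_unmanaged_blocked, unmanaged_to_managed_blocked).

    A restriction that is absent from the profile is the permissive default,
    so absence is reported as "not blocked" rather than as an error: this is
    the case a profile review most often misses.
    """
    profile = plistlib.loads(profile_bytes)
    merged = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            merged.update(payload)
    return (
        merged.get("allowOpenFromManagedToUnmanaged", True) is False,
        merged.get("allowOpenFromUnmanagedToManaged", True) is False,
    )


if __name__ == "__main__":
    profile = build_profile(LOCKED_DOWN)
    print(profile.decode())
    print("Open-In locked down:", check_open_in(profile))  # (True, True)
```

The output is an unsigned profile; a real MDM server signs it before delivery, and the device enforces it only once it is installed through MDM (supervised keys only on a supervised device). The checker treats a missing key as permissive on purpose, since that is the mistake that silently leaves Open-In wide open.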
System-wide VPNs on mobiles are considered undesirable, partly as a security measure (every app on the device, including anything malicious, gets a route into the corporate network) and partly because the company doesn't necessarily want to carry all of a user's personal traffic over its VPN.
For some time, MDM vendors have been letting IT specify per-app VPNs: each managed app gets its own VPN tunnel. Now iOS 7 supports per-app VPNs natively, configured through the MDM interfaces.
The VPN is managed entirely by IT. When the app is launched it opens a VPN tunnel, and when it terminates it closes that tunnel. The user launches and uses the app as they normally would, and should see no difference from it running through the VPN.
At the company end, the VPN could be any of dozens of VPN products from F5, Cisco, Juniper or anyone else, but the VPN products may need to be updated to support this feature.
Nobody likes entering passwords, and it's all that much worse typing them on glass on a tiny phone. With Enterprise single sign-on, IT can let users enter one set of enterprise credentials and be authenticated to any app IT includes in the policy.
Previous versions of iOS allowed this only among apps from the same vendor, but in iOS 7 any app by any vendor can be included.
IT can also specify a set of URL prefixes to be included in single sign-on. If the user visits any site whose URL starts with one of the prefixes (e.g. http://www.zdnet.com/topic-apple/), iOS authenticates to the server on the user's behalf (the iOS 7 feature is Kerberos-based, so what the server receives is a Kerberos ticket rather than the password).
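The URL-prefix list is a policy statement about where iOS will authenticate without asking, so it deserves the same review as any other credential policy. The following is an added example, not code from the article or from Apple, that builds the single sign-on payload and lints the prefix list. The payload keys (`com.apple.sso` with a `Kerberos` dictionary holding `Realm`, `PrincipalName`, `URLPrefixMatches` and `AppIdentifierMatches`) are Apple's as I recall them and should be verified against the current Configuration Profile Reference; the realm, hostnames and bundle identifiers are made up; and the matching function assumes, as the payload documentation describes, a plain string-prefix comparison with no hostname parsing.

```python
"""iOS 7 enterprise single sign-on payload plus a lint of its URL prefixes.

Added example; payload keys follow Apple's Single Sign-On payload as I recall
it (verify against the current reference). Realm, hosts and bundle IDs are
placeholders. Matching is modelled as a literal string-prefix test, which is
the assumption the lint below depends on.
"""
import plistlib
import uuid


def build_sso_payload(realm, principal, url_prefixes, app_ids):
    """Return one com.apple.sso payload dictionary for a configuration profile."""
    return {
        "PayloadType": "com.apple.sso",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.sso",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Enterprise SSO",
        "Name": "Corporate Kerberos",
        "Kerberos": {
            "Realm": realm,
            "PrincipalName": principal,
            "URLPrefixMatches": list(url_prefixes),
            "AppIdentifierMatches": list(app_ids),
        },
    }


def url_is_sso_target(url, prefixes):
    """Literal prefix match: no URL parsing, no port or host normalisation."""
    return any(url.startswith(p) for p in prefixes)


def lint_prefixes(prefixes):
    """Return the problems a practitioner should fix before pushing the payload."""
    problems = []
    for p in prefixes:
        if not p.startswith("https://"):
            problems.append(f"{p}: not https; authentication would be offered over cleartext")
        if not p.endswith("/"):
            # "https://intranet.example.com" also matches
            # "https://intranet.example.com.attacker.example/...", a host the
            # attacker controls; the trailing slash ends the hostname.
            problems.append(f"{p}: no trailing slash; also matches lookalike hosts such as {p}.attacker.example/")
    return problems


if __name__ == "__main__":
    prefixes = ["https://intranet.example.com/", "https://wiki.example.com/"]
    payload = build_sso_payload(
        realm="EXAMPLE.COM",
        principal="%short_name%@EXAMPLE.COM",
        url_prefixes=prefixes,
        app_ids=["com.example.expenses", "com.example.crm"],
    )
    print(plistlib.dumps(payload).decode())
    print(lint_prefixes(prefixes))                                   # []
    print(lint_prefixes(["https://intranet.example.com"]))           # one lookalike warning
```

Because the credential offered is a Kerberos service ticket for the host named in the URL, a lookalike host outside your realm mostly produces a failed ticket request rather than a captured password, but the lint is still worth running: the prefix list is also what decides which sites get silent sign-in, and a cleartext `http://` prefix exposes the whole session, not just the login.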
There have been attempts at biometrics in mobile devices before, but they were never easy to use, reliable and mass-market all at once. It figures that Apple would be the first to do this.
Touch ID is a fingerprint sensor, so far only on the iPhone 5S, built into the Home button. It performs the fingerprint match on the device and returns a simple yes or no to iOS 7.
There's definitely some question as to how secure Touch ID can be. It may not be secure enough for an enterprise. It's also important to note that Touch ID is not two-factor authentication (2FA). You can unlock with a passcode or the fingerprint, but you can't require both. The point of 2FA is that an attacker must defeat two independent factors, which necessarily makes logging in harder, and Apple isn't interested in that; Touch ID substitutes one factor for another for convenience.
But it's more complicated than that. Touch ID users must still have a passcode as a backup, and the passcode is required after a reboot, after 48 hours without an unlock, or after five failed fingerprint attempts. This may make it practical for IT to require very secure passcodes, perhaps 7 or more characters, while still making it easy to access the device on a regular basis.