As users update their iPhone software to iOS 8 or update their hardware to the latest iPhone, they'll find a few more prompts and notifications in reference to privacy and security.
And that's because Apple is doubling down on efforts to make its devices and services all the more focused on protecting your information. Updating to iOS 8 brings a new level of encryption for user data; Apple says it "has no way to decrypt iMessage and FaceTime data when it’s in transit between devices," and "wouldn’t be able to comply with a wiretap order even if [it] wanted to." (Video via Apple)
But while the efforts are certainly there, one security analysts suggests Apple's built-in protection might not be as secure as you're thinking.
One analyst details the process by which law enforcement could access your iOS 8 device in this blog post.
"I dumped all of my third party application data, as well as my camera reel and other media … all within a few minutes and from my locked iPhone running iOS 8 GM." GM, by the way, stands for Golden Master, a developer version of software identical to the version later released to the public.
Turns out, when you sync your phone with a computer, Apple makes it possible to access data without having to unlock the phone — that's where the vulnerability lies. Using specialized software, the researcher was able to access data on the phone by pulling information from the computer called "pairing records," which store keys to access your phone.
So despite Apple's efforts to lock down the device, it's still possible get at media files like photos, videos, books, podcasts, etc., as well as third-party app data.
But before we can get up-in-arms, a writer for Wired points out you've really got to look closely at Apple's language in announcing the new encryption practices. "Apple didn't claimed [sic] in its new privacy statement that its phone was impervious to law enforcement data extraction—only that the company wouldn't unlock iPhones and iPads on the government’s behalf."
And there are ways to protect yourself from even this vulnerability. The researcher says powering down your phone and computer when not in use, and encrypting data on your computer's hard drive will keep you protected.
That's because "pairing records" can't be used to access your phone until you've typed in your passcode at least once since it's been powered down.