How much control should you have over your hardware?
The most recent update for Apple’s iOS, iOS 9.3.4 doesn’t actually do a whole lot. You might expect that, because it’s a minor point release, updating iOS from 9.3.3. We’ll see a full version release, iOS 10 before the end of the year, and possibly as soon as mid-September depending on whether the current run of iPhone rumours are to be released.
iOS 9.3.4, which is “recommended” by Apple for all devices running iOS 9, including iPhones, iPads and selected iPod Touch models, only really does one bit of patching.
Installing the update is, by the way, remarkably easy. If you’re not in fact prompted by your device to install it, you can simply open the Settings app, tap “General” and then “Software Update” to grab the update, or any others you might not have applied already.
The release notes are rather dry and technical, and read as follows:
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4654: Team Pangu
You might, not unsurprisingly figure that this is indecipherable technical jargon, but what 9.3.4 does rather specifically is break the current most popular route to jailbreaking iOS devices. Jailbroken devices skip past the software controls that Apple puts in place around its iOS devices, which means that they’re devices that can run other apps that Apple might not approve. There are some interesting things that can be done with jailbroken devices, including setting new default applications for things like Mail or Web browsing, something Apple sees as a big no-no. It’s still very much an enthusiast’s pastime, however, because the freedom to install anything brings with it the potential risks of, well, installing anything, including malware onto iOS devices.
Apple’s been incredibly active in trying to lock down any major security holes in iOS to a level that Google’s competing and much more open Android platform hasn’t been able to. Google Play has done a fair job of squashing malicious apps as they’ve appeared in the Play Store, but in Apple’s case there’s never really been a major release of malicious apps for that control reason. The same isn’t true for the third party jailbroken app stores, however, so anyone keen on jailbreaking their devices has to tread carefully.
That being said, with the sole function of iOS 9.3.4 being to block the exploit that allows iPhones and iPads to be jailbroken, it does rather raise the spectre of whether or not Apple should exert that kind of control over hardware that you’ve purchased. It’s a tough argument from either side. There’s little doubt that Apple’s strong grip over iOS has kept it free from the kinds of malware and exploits that can afflict Windows PCs, for example. Both are popular, wide usage platforms, but iOS has remained essentially malware free.
At the same time that it’s remained malware free, many critical usage cases have been explicitly blocked by Apple at its whim. Want a different mail client, web browser or music player as your default on iOS? Tough luck, you can’t have them that way. Apple is relaxing its mandatory install policy for its apps in the upcoming iOS 10, so you can finally dump those mostly useless stocks and weather apps from your iPhone, and even the mail client if you like, but you can’t set new defaults. Uninstall mail, and the next time you click on a mail link on a web page, it will simply prompt you to reinstall the app again.