Apple recently showed off a preview version of iOS 10 at a developers conference and as developers are wont to do they immediately hacked into the code to see what they could find inside. Many of them were very surprised to find that Apple had left the kernel of the OS unencrypted. Some were surprised enough that they assumed Apple had made a mistake.
As it turns out Apple intentionally, left the kernel of iOS 10 unencrypted and it did so for performance. “The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.
So there you have it, there is no personal information in the kernel and Apple saw no need to encrypt it. This is a first for Apple; in previous iterations of iOS, the kernel was encrypted. The kernel is the part of the OS that manages security and places limits on what hardware apps can access inside the device. By leaving the kernel unencrypted researchers and developers can now poke around in the deepest recesses under iOS’ hood.
Some security researchers were so shocked that Apple left the kernel unencrypted, that they believed it was a mistake. “This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator,” said iOS security expert Jonathan Zdziarski in an interview with MIT Technology Review. Letting researchers poke around under the hood could be a good thing allowing them to help Apple find holes in security and fix issues faster than was possible in the past. This is certainly the latest sign that Apple is moving towards being more transparent with security issues.