For the last few years, Apple has made security and privacy cornerstones of its iOS development process. Last year, the company went to bat directly against the FBI over whether or not it could be forced to unlock an iPhone under the All Writs Act. While that case ended without resolving the core question at hand, the FBI dropped the case because it claimed it now had access to the data it wanted from the iPhone — even without Apple’s help.
That outcome may have been partly behind Cupertino’s recent decision to open part of its iOS operating system. In previous versions, iOS has encrypted both its kernel and its user data. In the latest beta, only user data remains encrypted, while the kernel is now unencrypted. Apple provided the following statement to the MIT Technology Review after initially refusing to comment. “By unencrypting it we’re able to optimize the operating system’s performance without compromising security.” Apple did not respond to questions regarding how the operating system’s performance would be improved.
Full-disk encryption is known to reduce performance, generally speaking. But encrypting the kernel shouldn’t dramatically impact performance one way or the other, assuming Apple makes use of the AES encryption/decryption support within its own processors.
From an iOS security presentation by IBM
One explanation is that while the change could improve performance in some corner cases, it could also be a way of encouraging security researchers to examine Apple products. The FBI appears to have found a way to access data on an iPhone that was supposedly secured against such efforts, and the NSA is known to keep its own stable of zero-day exploits and other flaws. The flip side is that it could also aid people who want to find such bugs and keep them secret or exploit them in malware attacks. In the past, Apple hasn’t been willing to offer bug bounty payments to security researchers who find bugs in its software, unlike companies like Google, which do offer such programs.
We’ll have to wait for iOS 10 to drop before we can measure any performance improvements, though whether or not any given performance jump is due specifically to the unencrypted kernel or to other changes will require some fairly significant analysis. The general feeling is that this is more of a security concern than a technical performance issue, though it’s possible that older iDevices might still see some benefit. Historically, older hardware doesn’t do well when coping when the latest iOS improvements, and with the 4S finally shuffling off the mortal coil this year, the iPhone 5C will become the oldest iPhone still in active support.