The Federal Office for Information Security (BSI) repeatedly takes on digital products to test their secure use in everyday use. In cooperation with Apple, the general security properties of the iPhone and iPad operating systems have now been examined.
The BSI’s audit found that the embedded security features of iOS and iPadOS are effective. This means that sensitive information can be processed in the Apple applications for e-mail, calendar and contacts. According to the authority, the Apple system is even suitable for classified information in the “For official use only” category.
BSI rates Apple’s operating system as safe
The BSI sees the decisive factor in the iOS or iPadOS operating system installed on the devices. The independent assessment of both systems according to international standards was carried out with the approval of Apple. The BSI sees the pre-installed applications, which as “first-party apps” enable basic everyday functions, as an advantage for security. This is convenient in that it eliminates the need to resort to third-party apps and limits the download of malicious programs.
The possibility of creating an encrypted Internet connection via a Virtual Private Network (VPN) is also an advantage. In addition, programs for managing end devices with integrated Mobile Device Management (MDM) in the Apple operating system are ready for use. In this way, company-owned smartphones can be supplied with updates and configured via a program. As a result, the federal authority was able to issue a recommendation for state use, even though the iPhones and iPads were commercially available.
You might also be interested in this: iPhone 14 is here! All innovations at a glance
Further cooperation between the BSI and Apple
The BSI has also announced that it will continue to work closely with Apple. This means that future joint reviews by Apple will be carried out regularly by the BSI. Cooperation should also be established in the field of mobile IT security. Follow-up developments especially for the authorities are planned for 2022.
Despite secure devices, federal security scandals continue to stem from human error. During the eavesdropping scandal involving ex-Chancellor Angela Merkel in 2013, the Düsseldorf company Secusmart secured special Blackberrys to make them eavesdropping-proof. At that time, Secusmart supplied voice encryption consisting of software and an encrypted chip. All federal ministries and many Dax companies were supplied with it. But for internal party communication, Merkel used an unsecured mobile phone that was tapped by the American secret service NSA. The example shows that human error or targeted manipulation through human influence (social engineering) represents an additional risk.