As a means of comparison, Microsoft supplied the answers to Storms questions for Apple as if he had asked them of Windows Mobile. Microsofts answers:
Is data encrypted while in transit? Yes, the data is transported using SSL, so it is encrypted during transit
Is data encrypted on the device? No.
Is data encrypted on removable memory? Yes.
Is data removed if the device hasnt checked in centrally, hasnt received a policy update within a time window or if battery power is too low? No. However, please note the Exchange server can remotely wipe the device. The device is also wiped if the password is entered too many times as a security measure.
Is there S/MIME support? Yes.
Is there PGP support? No (need third-party application).
Are there electromagnetic analysis countermeasures? No.
Are there DRM applications (ability to read but not forward data)? Yes, support for DRM for media content and IRM for e-mail (read and create is supported).
Is there user authentication by means of password, passphrase or smart card? Yes. Windows Mobile 6 includes the ability to lock your device and require a password to use the device after a specified period of disuse.
Does the device automatically lock and require authentication to unlock? Yes.
Are the encryption keys stored on the devices, and are they also encrypted? Yes, stored on the device and is possible to encrypt them.
Do the network devices have firewalls? No.
Are the network interfaces disabled by default, and does the user have the ability to disable at will? User can disable.
Is there the ability to remotely lock and disable the device? Yes.
Is there the ability to remotely wipe and back up data? Yes, can wipe but cannot back up data.
Is there the ability to centrally develop and enforce policy settings? Yes.
Is there centralized reporting of all device eventscalls made, data transferred and usage statistics? No, not today.
The iPhone also wont support pushed e-mail; Sync, the "old-fashioned way of doing things," will basically be the only way to download e-mail, Dulaney said. At any rate, Apple is annoying some analysts with its lack of security details. "They really have said absolutely nothing," Dulaney said. "The way theyve been with everybody borders on arrogance. They should tell people what theyre getting into." As far as what Apple is saying, Dulaney said he has trouble believing the companys claims about the smart phone, including battery life claims. Is the Mac making a stealth entry into the enterprise? Some sites say its so. Click here to read more. "Apple [is claiming] almost a 2x ratio of standby to talk time of other devices," he said. "Which says to me, if you have given the same amount of capacity on the network with the same battery capacity, [various smart phones battery lives] should be the same, which Nokias and BlackBerrys basically are. Apples never made a phone before. Do they have a nuclear generator in there? They could have filled every nook and cranny with liquid polymer stuff, but its hard to tell." And then again, theres the option of not caring about iPhone security. Security firm Matasanos Dave Goldsmith wrote in the company blogin its headline, actuallythat "Matasano Does Not Care About iPhone Security." "If you are responsible for keeping data inside of your organization, for the love of everything that is holy, please dont spend too much time on the iPhone," Goldsmith said. The rationale: "Allow us to remind you about all of the data breaches that are happening thanks to insecure wireless access points, tape backups disappearing, wrapping your newspapers in customers personal financial information, and stolen laptops. "Will the iPhone compound this problem? Slightly. "Will researchers attack the iPhone? You bet. "Will attackers spend a lot of time trying to steal data off of an iPhone? I doubt it. "Will someone run Linux on the iPhone? Sadly, yes. The person that spends 500$ on their phone will protect it more than the laptop you issued them." Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
One source of potential security risk that wont be on the iPhone is Exchange. Dulaney said that Apple told him the iPhone will support Outlook but not the Exchange server. The only e-mail Apple plans to support on the smart phone is ISP e-maila fairly rudimentary version of e-mail.