Security Awareness Blog

Auto-updating on iOS7 / Maverick

Over the weekend I got a chance to download and play with Apple's new iOS7. From a security perspective, the feature I have seen receive the most attention is the iPhone/iOS's new fingerprint biometric support. However, there is something else that I feel is important that has NOT received the attention it deserves. iOS7 now supports auto-updating. You have to enable it by default (see image) but once enabled it does exactly what it sounds like, it automatically downloads updates for your apps and installs them. I feel this option is brilliant, as many people tend to forget to update their system and apps. In fact, people failing to update their devices is one of the top seven human risks. While this solution not for everyone (especially corporate use) I recommend this for most ordinary computer users, including myself.

By the way, the new upcoming Maverick Mac operating system has the same option for OS/Mac App updates. Woo woo!

3 Comments

Posted September 25, 2013 at 9:48 PM | Permalink | Reply

Jim

Android has auto-updated for at least the past three years. Google uses 2-step verification. See http://www.androidauthority.com/fingerprints-and-security-272092/ re: a rather persuasive argument against using fingerprint scanning. Also, android provides remote wipe capability of all data on your device. See https://support.google.com/accounts/answer/3265955?hl=en.

Posted September 26, 2013 at 1:15 PM | Permalink | Reply

lspitzner

This is great stuff, thanks for sharing! The simpler we make security for people, the better.

Posted October 10, 2013 at 3:26 PM | Permalink | Reply

HJohn

One unfortunate thing I've seen happen is when, after an update, things quit working and users have a heckuva time straightening it out. This makes them fear the updates more than they fear the vulnerabilities. To compound this, users often do not blame the vulnerabilities for problems because they may not experience a direct link, whereas if an update causes problems they will immediately associate it.
I've compared this to dental upkeep before. Sometimes you risk/endure a little bit of hurt with your dentist to avoid serious harm to your teeth. Similar with patches, which may be inconvenient and frustrating, but nothing like having your security compromised.