Apple‘s iOS devices come with some of the best security features in the handset industry, including the ability to encrypt emails instantly. However, a security researcher has now revealed that email encryption hasn’t been working in iOS 7 devices.
The find is very surprising because Apple has always took pride in its iOS email, which is far more safe than what other vendors offer. This is precisely the reason emailing through their iOS devices is a very popular activity among the owners of iPhones and iPads.
However, according to a notable German security researcher Andreas Kurtz, Apple has quietly pulled the plug on email encryption in devices running iOS 7 or higher. This means that if your iPhone or iPad has iOS 7, the emails and the attachments you are sending from it are no longer encrypted. The problem is fairly serious because it can undermine the email security of iOS users.
Kurtz further says that the problem persists in the recent iOS 7.1.1 update as well. According to him, “I reported these findings to Apple. They responded that they were aware of this issue, but did not state any date when a fix is to be expected. Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch. Unfortunately, even today’s iOS 7.1.1 did not remedy the issue, leaving users at risk of data theft. As a workaround, concerned users may disable mail synchronization (at least on devices where the bootrom is exploitable).”
So if you use your iOS device for critically important emails, it would be wise to give up on that practice for a while. Or at least until Apple starts offering email encryption on iOS 7 devices again.
Source: Andreas Kurtz