Tuesday, March 29, 2016

Apple CareKit - what does it all mean?

Earlier this week, I was asked if I had any opinion on the security implications of Apple's newly announced CareKit. Some of that made it into this WIRED article. But for the record, I figured I'd do something a little more comprehensive.

The idea of CareKit is noble and, to be fair, I haven't looked at any of the apps that are being developed. The framework itself is not yet available to the public to examine. I'll start from the assumption that Apple has done a great job of locking the data down within the framework itself and that the data being transmitted to Apple is secure in transit and at rest in Apple's cloud. Given that, I see two primary potential issues:
  1. The framework itself is secure but apps built with it are not. This is highly likely to happen; I've seen some absolute train wrecks in apps we've looked at. This is true even among those that store sensitive financial and health data. Once the user gives the app permission to access data from CareKit repositories, there is little Apple can do to control what the app developer does with it after it has been shared with the app.
  2. The framework is adopted on a wide scale and users are de facto required to use a CareKit application to get an affordable insurance rate, etc. Data collected and stored within CareKit will be a gold mine for all sorts of civil and criminal litigation. I can't wait to get my hands on a copy of the framework to see what sort of data might be available with a subpoena. Users will be shocked by what can be reconstructed from simple things captured with the accelerometer (how far they traveled on foot during a particular time, for instance).
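As an added illustration of the first point (example code written for this post, not Apple's CareKit framework and not any app built on it): once an app has received health data from a framework, how it persists that data is entirely the app's decision, and the framework cannot enforce anything about it. The Swift snippet below shows a hypothetical record type and two versions of a persistence helper. The weak form writes JSON to the app's Documents directory with default file protection and leaves it eligible for backup; the hardened form uses Foundation's complete file protection, writes atomically, and excludes the file from backups. The `ActivityRecord` fields, the function names and the file name are all assumptions made for this example and are not CareKit types or APIs.

```swift
import Foundation

// Hypothetical record an app might hold after the user shares data with it.
// The fields are constructed for this example and are not CareKit types.
struct ActivityRecord: Codable {
    let timestamp: Date
    let stepCount: Int
    let distanceMeters: Double
}

/// Weak form: persists the record with default file protection and leaves the
/// file eligible for iCloud/iTunes backup. The framework that supplied the data
/// has no say in this; the exposure is entirely the app's doing.
func persistRecordWeak(_ record: ActivityRecord, fileName: String) throws -> URL {
    let url = try documentsURL().appendingPathComponent(fileName)
    let data = try JSONEncoder().encode(record)
    try data.write(to: url)            // default protection class, backed up
    return url
}

/// Hardened form: the file is only readable while the device is unlocked
/// (NSFileProtectionComplete), is written atomically so no partial plaintext
/// is left behind on failure, and is excluded from backups so a copy does not
/// end up in an unencrypted backup set.
func persistRecordHardened(_ record: ActivityRecord, fileName: String) throws -> URL {
    var url = try documentsURL().appendingPathComponent(fileName)
    let data = try JSONEncoder().encode(record)
    try data.write(to: url, options: [.atomic, .completeFileProtection])
    var values = URLResourceValues()
    values.isExcludedFromBackup = true
    try url.setResourceValues(values)
    return url
}

/// Reads a record back. Under complete protection this throws while the
/// device is locked; that is the intended behaviour, not an error to work
/// around by weakening the protection class.
func loadRecord(from url: URL) throws -> ActivityRecord {
    let data = try Data(contentsOf: url)
    return try JSONDecoder().decode(ActivityRecord.self, from: data)
}

private func documentsURL() throws -> URL {
    return try FileManager.default.url(for: .documentDirectory,
                                       in: .userDomainMask,
                                       appropriateFor: nil,
                                       create: true)
}
```

When reviewing an app that consumes this kind of data, the difference between these two functions is exactly the sort of thing to look for: the protection class on every file the app writes, whether those files are backed up, and whether the app degrades to a weaker class when a read fails on a locked device.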

But if we are going to trust Apple with this data, I think this makes a very strong argument for keeping the data away from prying eyes. In other words, this makes a great case for wide-scale encryption on the iPhone with no back doors. What data can be subpoenaed, and what is the burden for law enforcement? Medical records are not easy to get under subpoena today; CareKit data should be no different.

At Rendition Infosec, we'll treat CareKit just like we do any other technology. That is, we won't recommend it to clients without vetting the technology for security flaws. Assuming that someone else has done the due diligence is an absolute non-starter.
