Once you got past the fawning over Steve Jobs and the comical rebranding of retail stores, yesterday’s Apple Event had some news with important IT implications.
Apple unveiled the Apple Watch 3, its first smartwatch with LTE connectivity. And the new iPhone X — the X is pronounced 10 for some reason — comes with Face ID, which lets users unlock the device with facial recognition technology. IT pros who manage and secure Apple devices should pay attention to both developments.
More Apple Watch 3 enterprise management needed
Previous Apple Watch models relied on a Bluetooth connection to an iPhone for most of their functionality. (The Apple Watch 2 can make and receive calls and use iMessage and some third-party apps without an iPhone, but these tasks require Wi-Fi. And without an iPhone, the watch can only connect to Wi-Fi networks it has previously joined, so its usefulness is limited.)
Because of the Apple Watch’s dependence on the iPhone, IT hasn’t had to do much additional management and security work. Admins can outright prohibit a corporate-owned iPhone in Supervised Mode from pairing with an Apple Watch through the iOS mobile device management (MDM) APIs. Otherwise, if a user can get corporate email through their iPhone’s native Mail app, they can get it on their Apple Watch too. Conversely, if IT enforces a certain policy on an iPhone app, and the Apple Watch version of that app requires an iPhone connection, the same policy will effectively apply there as well.
That could all change. Although it’s not clear yet how exactly Apple Watch 3 enterprise management will work, LTE connectivity eliminates the iPhone requirement, which could make the smartwatch an entirely new device that IT has to manage and secure. It wouldn’t be an immediate problem for most organizations, because enterprise use cases for smartwatches are still emerging, but there could be an uptick in simple user requests for things like email access.
Additionally, the major U.S. carriers will charge $10 a month to add an Apple Watch 3 to existing data plans. That could be an issue for organizations that pay for employees’ devices and data, as Jack Madden of BrianMadden.com pointed out.
Face ID enterprise security concerns emerge
Face ID is Apple’s latest biometric authentication feature, following in the footsteps of Touch ID, which allows users to unlock their iPhones and iPads (and log in to some apps) through a fingerprint sensor on the home button. The iPhone X doesn’t have a home button — it’s all screen, except for a weird notch at the top — so it instead relies on facial recognition technology.
As with Touch ID, Face ID isn’t meant to replace passwords, but it can be a convenient second factor for two-factor authentication. Some users and IT professionals have security and privacy concerns about biometrics in general, and facial recognition opens up a whole new can of worms.
“Unlike a passcode, your face can’t easily change,” Andy Greenberg wrote in Wired. “If someone does find a way to spoof it … they can spoof it forever.”
Twitter parody account PHP CEO came up with a funny way to address that problem:
DUE TO COMPANY PASSWORD POLICY WE WILL BE REQUIRING ALL STAFF WHO GET THE NEW IPHONE TO HAVE THEIR FACE SURGICALLY ALTERED EVERY 90 DAYS
— PHP CEO (@PHP_CEO) September 12, 2017
For a less drastic solution, IT should keep an eye on the MDM capabilities in the iPhone X. Admins can disable Touch ID through MDM, so it wouldn’t be a surprise if that’s possible for Face ID as well.
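The two MDM controls mentioned above (blocking Apple Watch pairing on a supervised iPhone, and disabling Touch ID) are delivered as keys in a configuration profile's Restrictions payload, so an admin can check a profile for them before deploying it. The following is an added example, not code from the article or from Apple; the sample profile and its identifier are constructed, and no Face ID key is assumed because the article only speculates about one.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Restrictions payload type

# Restriction keys for the two controls the article names.
# Both default to "allowed" when the key is absent from the payload.
KEYS = {
    "allowPairedWatch": "Apple Watch pairing",        # supervised devices only
    "allowFingerprintForUnlock": "Touch ID unlock",
}

# Constructed sample profile: blocks watch pairing, says nothing on Touch ID.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.restrictions",  # placeholder identifier
    "PayloadContent": [
        {"PayloadType": RESTRICTIONS_TYPE, "allowPairedWatch": False},
        {"PayloadType": "com.apple.wifi.managed"},     # unrelated payload
    ],
})


def audit_profile(raw: bytes) -> dict:
    """Map each key to True (still allowed) or False (blocked by the profile)."""
    profile = plistlib.loads(raw)
    allowed = {key: True for key in KEYS}
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in KEYS:
            # Only an explicit <false/> restricts; this script treats any
            # restricting payload as winning over a permissive one.
            if payload.get(key) is False:
                allowed[key] = False
    return allowed


def gaps(raw: bytes) -> list:
    """Human-readable list of features the profile leaves enabled."""
    return [KEYS[key] for key, ok in audit_profile(raw).items() if ok]


if __name__ == "__main__":
    for key, ok in audit_profile(SAMPLE_PROFILE).items():
        print(f"{KEYS[key]:22} {'ALLOWED' if ok else 'blocked'}")
```

A signed profile has to be unwrapped from its CMS envelope before `plistlib` can read it.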