Fixing a major but unacknowledged bug in the operating system, last week's iPhone OS 3.1 update has rendered most iPhones and all iPod Touches incompatible with Exchange 2007 servers that require on-device data be encrypted, a standard safeguard used by businesses.
In other words, Apple has fundamentally betrayed its iPhone users and the businesses that have either explicitly or implicitly supported the device.
If you're like me, you probably ran the iPhone OS 3.1 update late Friday along with all the other Mac OS X updates. And perhaps, like me, you found your device no longer syncing to your company's Exchange 2007 Server. I, for one, assumed something had changed on the back end. After all, a dot-one update is a bug fix, so there shouldn't have been anything major to watch out for. But I learned Monday it was the update itself that was to blame.
My first reaction was, "Damn. Now I can't check e-mail or schedules when not at my desk. I wonder how long it will take for Apple to fix the issue." Our IT department is not about to relax its encryption requirement to deal with a change in Apple's OS. Why should it?
Then it sunk in. The iPhone has been falsely reporting to Exchange servers since July 2008 that it supports on-device encryption.
The lie the iPhone has been telling
That's right. Thousands of users have been accessing e-mail, calendars, and contacts over Exchange connections through their iPhones or iPod Touches, not knowing they were compromising their corporate security. During that entire time, Apple has extolled its support of Exchange and convinced many businesses that the iPhone was a corporate-class device they should embrace or, at least, tolerate.
It also turns out that Apple had a similar issue -- with a similarly stealthy fix -- in its iPhone OS 3.0 update, which corrected misreporting about its VPN policy support.
How many businesses will revisit their iPhone support now that they know Apple shipped and promoted a product as fit for business only to later find that the device had a major security flaw? Apple clearly knew of the flaw at some point; otherwise, it would not have fixed it in the iPhone OS 3.1 update. Worse, how many users or businesses will trust Apple, now that they know it not only hid a major flaw from their attention but also slipstreamed a fix that broke compatibility with most of its devices?
Consider the implications on Mac OS X Snow Leopard, which now boasts the same Exchange support as the iPhone. As of the Mac OS X 10.6.1 update of last week, it still works with our encryption-requiring Exchange 2007 Server. But how does anyone know Snow Leopard won 't have a similar breakdown in the future, if not for encryption then for something else?
I suspect that Apple has set back its enterprise cause several years, if not permanently.