No surprise - we have more Apple iPhone security flaws

This time there is a security hole that bypasses access restrictions, and it highlights again that Apple favors functionality over security. In this case, even when a user chooses to physically secure the device with a four-digit passcode, the user still has access to some functionality. If someone selects "emergency call", that user can then gain access to other options that eventually provide almost complete access to the phone, without ever having to enter a passcode.

This highlights a fundamental design deficiency with the iPhone, and flies in the face of Steve Jobs' declarations about iPhone security. Even with some of the recent improvements in security, Apple's internal decision-making process always chooses functionality and aesthetics over security. The most recent demonstration of this internal bias is the quick release of updates to fix 3G connectivity issues this year, while security updates generally take several months.

I don't think this is an acceptable level of risk for most enterprises, and it's probably too much risk for many consumers. Until Apple begins to publicly address the fundamental design, development and process issues that move security to the back burner, enterprises will be forced to remain skeptical about the iPhone and will have to worry about the protection of confidential data on the device.

Comments (1)

Ben:

There is a quick fix for this. You can set the double tap to take you somewhere else, a calculator for instance, as opposed to the more dangerous menu it defaults to.

Bio

Blog: Sync
Author: Andrew Storms

As nCircle's Director of Security Operations, Andrew Storms is responsible for setting and enforcing the company's security compliance programs as well as overseeing day-to-day operations for the Information Technology department. He is a Certified Information Systems Security Professional (CISSP).

About

This page contains a single entry from the blog posted on August 29, 2008 2:15 PM.
