Did Apple Really Lie To Business Users?

Last Updated Sep 16, 2009 9:45 AM EDT

Apple's upgrade to its iPhone operating system fixes a flaw but disables support for Microsoft Exchange for many users, raising the issue of whether Apple deliberately misled customers and undermined corporate security measures in order to sell more devices into enterprise environments.

Apple's upgrade to the iPhone's operating system on Friday caused Microsoft's Exchange Server 2007, used by many businesses to manage email, contacts and calendar items, to suddenly stop exchanging information with the device. Exchange 2007 will only communicate with devices that have encryption embedded into the hardware, which iPhones older than the 3GS version do not have. However, those devices had been improperly identifying themselves to the server as having that encryption. Friday's upgrade from OS 3.0 to 3.1 corrected that misinformation, locking out users who had heretofore been able to receive corporate email.

The question is whether Apple deliberately allowed its devices to transmit that incorrect information, and corrected it now in order to stimulate more sales of the 3GS, which does feature hardware encryption. Computerworld's Galen Gruman writes:

Apple has fundamentally betrayed its iPhone users and the businesses that have either explicitly or implicitly supported the device... The iPhone has been falsely reporting to Exchange servers since July 2008 that it supports on-device encryption.
Folks who own the new 3GS don't have anything to worry about. There is a significant issue, however, for users of older iPhones (including the iPhone 3G) who upgraded to OS 3.1. Arguably, owners of older iPhones who didn't upgrade to OS 3.1 can still access Exchange 2007, but they would be knowingly violating corporate security policy. They could request their corporate IT departments to change the setting on Exchange 2007 so that they can use non-encrypted devices, but what right-minded IT or email administrator would undermine one of the server's key security features?

The issue will also give renewed ammunition to IT administrators who only reluctantly granted the iPhone access privileges commensurate with other enterprise-worthy devices, and who can now not only discredit the device itself, but anything else Apple ever claims. If Apple could deceive corporate users about this, those administrators could claim, they could deceive us about anything.

Apple itself is being its usual unhelpful self. The company's response to CNET's questions is replete with arrogance and contempt towards users:

"iPhone OS 3.1 is working properly with Exchange Server 2007," Apple representative Natalie Harrison told CNET News. "We added device encryption information to the data that can be managed by IT administrators using Exchange Server 2007. The policy of whether to support iPhone 3G, in addition to iPhone 3GS, which always has on-device encryption, on Exchange Server 2007 is set by the administrator and can be changed at any time."
In other words, 'our stuff is beyond reproach. This whole Exchange 2007 business isn't really our concern. See your IT department if you have any issues.' Which leads many users, including Gruman, to experience a "sick feeling" of betrayal, particularly if, like Gruman, they've defended Apple and the iPhone in the past.

Perhaps the bug was exactly that -- a bug -- and one that Apple corrected in its typically efficient, secretive and patently offensive way. Gruman writes that Apple "clearly knew of the flaw" or they wouldn't have fixed it, but that doesn't mean they intentionally deceived businesses and planted it there so it would work with Exchange. No one will ever know, just as no one may ever know who was behind the rejection of Google's Google Voice mobile app.

Either way, Apple needs to repair the damage, because even if a sucker is born every day, at the rate it abuses customers, it's going to be running low on available suckers sooner than it thinks.

[Image source: yada2222 via Flickr]

  • Michael Hickins

    Michael Hickins has written about technology and business for BNET, InformationWeek, InternetNews.com, eWEEK -- where he was executive editor from 2007-2008 -- The Curator, Pseudo.com, Multex Investor, Reuters, and Conde Nast's WWD.com. Hickins is the author of The Actual Adventures of Michael Missing, a collection of short stories published by Alfred A. Knopf in 1991. He also published Blomqvist, a picaresque novel set in 11th century Europe, in 2006. Hickins remains passionately interested in the intersections of business, technology, politics and culture, and endures a life-long obsession with baseball. He is married with two children and lives in Manhattan.