Understandably so, racking up data charges when you don’t have a data plan or don’t have a say isn’t a very friendly way to treat your customers. However, in the case of the 3.1 iPhone OS and iPhones in general, everyone already pays for a data plan and the anti-phishing feature was one of the highlights of the otherwise lackluster update. So why is such a feature “disabled” by default? According to Apple spokesman Bill Davis:
Safari’s anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren’t any additional data fees
Ok, I would understand the data fee argument if users had a choice to purchase an iPhone with or without one, but they don’t. Maybe I’m slow, but I just can’t see the point of this argument. Even users on limited data plans shouldn’t be that harmed. A list of sites which is noting but text can’t possibly take up that much room or use that much data can it?
The other argument, that it’s “disabled” or more correctly relegated to only update when syncing/charging to preserve battery life, is a tad more understandable. Because of this, one can assume that the list of known phishing sites is stored locally on the iPhone itself and if only updated when syncing or charing opens up a wide door for attacks as it is not a continuous or “live” process. Better than nothing perhaps but still far from perfect. Apple recommends connecting to a WiFi network and then charging the iPhone with the screen off to get the full benefit of the new feature. Is this really the right way to go about it?
Source: iPhone Alley, Loop Insight, Image Source
