Apple Platform Security
iCloud Keychain security overview
iCloud Keychain allows users to securely sync their passwords and passkeys between iPhone, iPad, Mac, Apple Watch, and Apple Vision Pro without exposing them to Apple. In addition to strong privacy and security, other goals for the design and architecture of iCloud Keychain were ease of use and the ability to recover keychain contents even if all of a user’s devices are inaccessible. iCloud Keychain consists of two services: keychain syncing and keychain recovery.
iCloud Keychain and keychain recovery are designed such that a user’s passwords and passkeys are still protected under the following conditions:
- A user’s iCloud account is compromised.
- iCloud is compromised by an external attacker or employee.
- A third party accesses user accounts.
Password manager integration with iCloud Keychain
iOS, iPadOS, macOS, and visionOS can automatically generate cryptographically strong random strings to use as account passwords in Safari. iOS, iPadOS, and visionOS can also generate strong passwords for apps. Generated passwords are stored in the keychain and synced to other devices. Keychain items are transferred from device to device, traveling through Apple servers, but are encrypted end-to-end so that Apple and other devices can’t read their contents.