Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Operating system integrity
- Activating data connections securely
- Verifying accessories
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorisation with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
Protecting app access to user data
In addition to encrypting data at rest, Apple devices help prevent apps from accessing a user’s personal information without permission using various technologies including Data Vault. In Settings in iOS and iPadOS, and in macOS System Settings (macOS 13 or later) or System Preferences (macOS 12 or earlier), users can see which apps they’ve permitted to access certain information, as well as grant or revoke any future access. Access is enforced in the following cases:
iOS, iPadOS and macOS: Calendars, Camera, Contacts, Microphone, Photos, Reminders and Speech recognition
iOS and iPadOS: Bluetooth, Home, Media, Media apps and Apple Music, Motion and fitness
iOS and watchOS: Health
macOS: Input monitoring (for example, keyboard strokes), Prompt, Screen recording (for example, static screen shots and video), and System Settings (macOS 13 or later) or System Preferences (macOS 12 or earlier)
In iOS 13.4 or later and iPadOS 13.4 or later, all third-party apps automatically have their data protected in a Data Vault. Data Vault helps protect against unauthorised access to the data, even from processes that aren’t themselves sandboxed. Additional classes in iOS 15 or later include Local Network, Nearby Interactions, Research Sensor & Usage Data, and Focus.
If the user signs into iCloud, apps in iOS and iPadOS are granted access by default to iCloud Drive. Users may control each app’s access under iCloud in Settings. iOS and iPadOS also provide restrictions designed to prevent data movement between apps and accounts installed by a mobile device management (MDM) solution and those installed by the user.