HomeKit data security
HomeKit data updates between devices and users
HomeKit data can be updated between a user’s iOS, iPadOS, and macOS devices using iCloud and iCloud keychain. During this process, the HomeKit data is encrypted using keys derived from the user’s HomeKit identity and a random nonce and is handled as an opaque binary large object, or blob. The most recent blob is stored in iCloud, but it isn’t used for any other purpose. Because it’s encrypted using keys that are available only on the user’s iOS, iPadOS, and macOS devices, its contents are inaccessible during transmission and iCloud storage.
HomeKit data is also synced between multiple users of the same home. This process uses authentication and encryption that is the same as that used between an iOS, iPadOS, and macOS device and a HomeKit accessory. The authentication is based on Ed25519 public keys that are exchanged between the devices when a user is added to a home. After a new user is added to a home, all further communication is authenticated and encrypted using Station-to-Station protocol and per-session keys.
The user who initially created the home in HomeKit or another user with editing permissions can add new users. The owner’s device configures the accessories with the public key of the new user so that the accessory can authenticate and accept commands from the new user. When a user with editing permissions adds a new user, the process is delegated to a home hub to complete the operation.
The process to provision Apple TV for use with HomeKit is performed automatically when the user signs in to iCloud. The iCloud account needs to have two-factor authentication enabled. Apple TV and the owner’s device exchange temporary Ed25519 public keys over iCloud. When the owner’s device and Apple TV are on the same local network, the temporary keys are used to secure a connection over the local network using Station-to-Station protocol and per-session keys. This process uses authentication and encryption that is the same as that used between an iOS, iPadOS, and macOS device and a HomeKit accessory. Over this secure local connection, the owner’s device transfers the user’s Ed25519 public-private key pairs to Apple TV. These keys are then used to secure the communication between Apple TV and the HomeKit accessories and also between Apple TV and other iOS, iPadOS, and macOS devices that are part of the HomeKit home.
If a user doesn’t have multiple devices and doesn’t grant additional users access to their home, no HomeKit data is transmitted to iCloud.
Home data and apps
Access to home data by apps is controlled by the user’s Privacy settings. Users are asked to grant access when apps request home data, similar to Contacts, Photos, and other iOS, iPadOS, and macOS data sources. If the user approves, apps have access to the names of rooms, names of accessories, which room each accessory is in, and other information as detailed in the HomeKit developer documentation at https://developer.apple.com/homekit/.
Local data storage
HomeKit stores data about the homes, accessories, scenes, and users on a user’s iOS, iPadOS, and macOS devices. This stored data is encrypted using keys derived from the user’s HomeKit identity keys, plus a random nonce. Additionally, HomeKit data is stored using the Data Protection class Protected Until First User Authentication. HomeKit data is backed up only in encrypted backups, so, for example, unencrypted backups to the Finder (macOS 10.15 or later) or iTunes (in macOS 10.14 or earlier) through USB don’t contain HomeKit data.