Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Operating system integrity
- Activating data connections securely
- Verifying accessories
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorisation with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
WidgetKit security
WidgetKit is the framework developers use to offer widgets and watch complications. Both may show sensitive information and can be highly visible, especially on devices with an Always On display.
In iOS, users can configure whether to show sensitive data on the Lock Screen and while in Always On. In Settings, they can deactivate data access for Lock Screen widgets in the “Allow Access When Locked” section of Settings > Face ID & Passcode.
On Apple Watch, users can configure whether to show sensitive data during Always On by choosing Settings > Display & Brightness > Always On > Hide Sensitive Complications. They can also choose to show redacted content for all or individual complications.
If a user chooses to hide content they consider private, WidgetKit renders a placeholder for redactions. To configure redactions, a developer must:
1. Implement the redacted(reason:)
callback.
2. Read out the privacy
property.
3. Provide custom placeholder views.
Developers can also render a view as unredacted with the unredacted()
view modifier.
As an alternative to marking individual views as privacy sensitive, for example, if an entire widget content is privacy sensitive, the developer can add the Data Protection capability to a widget extension. Until a user unlocks their device to match the privacy level selected, WidgetKit displays placeholders instead of the widget content. The developer must enable the Data Protection capability for the widget extension in Xcode and then set the Data Protection
entitlement to the value that fits the level of privacy they want to offer:
NSFileProtectionComplete
NSFileProtectionCompleteUnlessOpen
WidgetKit hides these widgets’ content when the device is passcode locked and displays a placeholder until a user authenticates after they restart their device. Additionally, these iOS widgets arenʼt available as iPhone widgets on Mac.