Introduction to Apple platform security
Apple designs security into the core of its platforms. Building on the experience of creating one of the world’s most advanced mobile operating systems, Apple has created security architectures that address the unique requirements of mobile, watch, desktop and home.
Every Apple device combines hardware, software and services designed to work together for maximum security and a transparent user experience in service of the ultimate goal of keeping personal information safe. For example, Apple-designed silicon and security hardware powers critical security features. And software protections work to keep the operating system and third-party apps protected. Finally, services provide a mechanism for secure and timely software updates, power a protected app ecosystem, and facilitate secure communications and payments. As a result, Apple devices protect not only the device and its data but the entire ecosystem, including everything users do locally, on networks and with key internet services.
Just as we design our products to be simple, intuitive and capable, we design them to be secure. Key security features, such as hardware-based device encryption, can’t be disabled by mistake. Other features, such as Face ID and Touch ID, enhance the user experience by making it simpler and more intuitive to secure the device. And because many of these features are enabled by default, users or IT departments don’t need to perform extensive configurations.
This documentation provides details about how security technology and features are implemented within Apple platforms. It also helps organisations combine Apple platform security technology and features with their own policies and procedures to meet their specific security needs.
The content is organised into the following topic areas:
Hardware security and biometrics: The silicon and hardware that forms the foundation for security on Apple devices, including Apple silicon, the Secure Enclave, cryptographic engines, Face ID and Touch ID
System security: The integrated hardware and software functions that provide for the safe boot, update and ongoing operation of Apple operating systems
Encryption and Data Protection: The architecture and design that protects user data if the device is lost or stolen or if an unauthorised person or process attempts to use or modify it
App security: The software and services that provide a safe app ecosystem and enable apps to run securely and without compromising platform integrity
Services security: Apple’s services for identification, password management, payments, communications and finding lost devices
Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission
Developer kit security: Framework “kits” for secure and private management of home and health, as well as extension of Apple device and service capabilities to third-party apps
Secure device management: Methods that allow management of Apple devices, help prevent unauthorised use and enable remote wipe if a device is lost or stolen
A commitment to security
Apple is committed to helping protect customers with leading privacy and security technologies — designed to safeguard personal information — and comprehensive methods, to help protect corporate data in an enterprise environment. Apple rewards researchers for the work they do to uncover vulnerabilities by offering the Apple Security Bounty. Details of the programme and bounty categories are available at https://developer.apple.com/security-bounty/.
We maintain a dedicated security team to support all Apple products. The team provides security auditing and testing for products, both under development and released. The Apple team also provides security tools and training and actively monitors for threats and reports of new security issues. Apple is a member of the Forum of Incident Response and Security Teams (FIRST).
Apple continues to push the boundaries of what’s possible in security and privacy. It uses custom silicon across its product lineup — from Apple Watch to iPhone and iPad, to the T2 Security Chip and Apple silicon in Mac — powering not only efficient computation but also security. For example, Apple silicon forms the foundation for secure boot, Face ID and Touch ID, and Data Protection. In addition, security features on devices powered by Apple silicon — such as Kernel Integrity Protection, Pointer Authentication Codes and Fast Permission Restrictions — help thwart common types of cyberattack. Therefore, even if attacker code somehow executes, the damage it can do is dramatically reduced.
To make the most of the extensive security features built into our platforms, organisations are encouraged to review their IT and security policies to ensure that they are taking full advantage of the layers of security technology offered by these platforms.
To learn more about reporting issues to Apple and subscribing to security notifications, see Report a security or privacy vulnerability.
Apple believes privacy is a fundamental human right and has numerous built-in controls and options that allow users to decide how and when apps use their information, as well as what information is being used. To learn more about Apple’s approach to privacy, privacy controls on Apple devices and the Apple privacy policy, see https://www.apple.com/uk/privacy.
Note: Unless otherwise noted, this documentation covers the following operating system versions: iOS 15.4, iPadOS 15.4, macOS 12.3, tvOS 15.4 and watchOS 8.5.