Introduction to Apple platform security
Apple designs security into the core of its platforms. Building on the experience of creating one of the world’s most advanced mobile operating systems, Apple has created security architectures that address the unique requirements of mobile, watch, desktop and home.
Every Apple device combines hardware, software and services designed to work together for maximum security with a transparent user experience in service of the ultimate goal of keeping personal information safe. Custom security hardware powers critical security features. Software protections work to keep the operating system and third-party apps safe. Services provide a mechanism for secure and timely software updates, power a safer app ecosystem, secure communications and payments, and provide a safer experience on the internet. Apple devices protect not only the device and its data, but the entire ecosystem, including everything users do locally, on networks and with key internet services.
Just as we design our products to be simple, intuitive and capable, we design them to be secure. Key security features, such as hardware-based device encryption, can’t be disabled by mistake. Other features, such as Touch ID and Face ID, enhance the user experience by making it simpler and more intuitive to secure the device. And because many of these features are enabled by default, users or IT departments don’t need to perform extensive configurations.
This documentation provides details about how security technology and features are implemented within Apple platforms. It also helps organisations combine Apple platform security technology and features with their own policies and procedures to meet their specific security needs.
The content is organised into the following topic areas:
Hardware Security and Biometrics: The hardware that forms the foundation for security on Apple devices, including the Secure Enclave, a dedicated AES crypto engine, Touch ID and Face ID.
System Security: The integrated hardware and software functions that provide for the safe boot, update and ongoing operation of Apple operating systems.
Encryption and Data Protection: The architecture and design that protects user data if the device is lost or stolen or if an unauthorised person or process attempts to use or modify it.
App Security: The software and services that provide a safe app ecosystem and enable apps to run securely and without compromising platform integrity.
Services Security: Apple’s services for identification, password management, payments, communications and finding lost devices.
Network Security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
Developer Kits: Frameworks for the secure and private management of home and health, as well as the extension of Apple device and service capabilities to third-party apps.
Secure Device Management: Methods that allow management of Apple devices, prevent unauthorised use and enable remote wipe if a device is lost or stolen.
Security and Privacy Certifications: Information on ISO certifications, Cryptographic validation, Common Criteria Certification and the Commercial Solutions for Classified (CSfC) Program.
A commitment to security
Apple is committed to helping protect customers with leading privacy and security technologies — designed to safeguard personal information — and comprehensive methods — to help protect corporate data in an enterprise environment. Apple rewards researchers for the work they do to uncover vulnerabilities by offering the Apple Security Bounty. Details of the programme and bounty categories are available at https://developer.apple.com/security-bounty/.
We maintain a dedicated security team to support all Apple products. The team provides security auditing and testing for products, both under development and released. The Apple team also provides security tools and training and actively monitors for threats and reports of new security issues. Apple is a member of the Forum of Incident Response and Security Teams (FIRST).
Apple continues to push the boundaries of what is possible in security and privacy. For example, Find My uses existing cryptographic primitives to enable the groundbreaking capability of distributed finding of an offline Mac — without exposing to anyone, including Apple, the identity or location data of any of the users involved. To enhance Mac firmware security, Apple has leveraged an analogue to page tables to block inappropriate access from peripherals, but at a point so early in the boot process that RAM hasn’t yet been loaded. And as attackers continue to increase the sophistication of their exploit techniques, Apple is dynamically controlling memory execution privileges for iPhone and iPad by leveraging custom CPU instructions — unavailable on any other mobile devices — to thwart compromise. Just as important as the innovation of new security capabilities, new features are built with privacy and security at the centre of their design.
To make the most of the extensive security features built into our platforms, organisations are encouraged to review their IT and security policies to ensure that they are taking full advantage of the layers of security technology offered by these platforms.
To learn more about reporting issues to Apple and subscribing to security notifications, see Report a security or privacy vulnerability.
Apple believes privacy is a fundamental human right and has numerous built-in controls and options that allow users to decide how and when apps use their information, as well as what information is being used. To learn more about Apple’s approach to privacy, privacy controls on Apple devices and the Apple privacy policy, see https://www.apple.com/privacy.
Note: Unless otherwise noted, this documentation covers the following operating system versions: iOS 13.4, iPadOS 13.4, macOS 10.15.4, tvOS 13.4 and watchOS 6.2.