System security for watchOS
Apple Watch uses many of the same hardware-based platform security capabilities that iOS and iPadOS use. For example, Apple Watch:
Performs secure boot and secure software updates
Maintains operating system integrity
Helps protect data—both on the device and when communicating with a paired iPhone or the internet
Supported technologies include those listed in System Security (for example, KIP, SKP, and SCIP) as well as Data Protection, keychain, and network technologies.
watchOS can be configured to update overnight. For more information on how the Apple Watch passcode gets stored and used during the update, see Keybags.
If wrist detection is enabled, the device locks automatically soon after it’s removed from the user’s wrist. If wrist detection is disabled, Control Center provides an option for locking Apple Watch. When Apple Watch is locked, Apple Pay can be used only by entering the passcode on the Apple Watch. Wrist detection is turned off using the Apple Watch app on iPhone. This setting can also be enforced using a mobile device management (MDM) solution.
When Find My is turned on on iPhone, its paired Apple Watch can use Activation Lock. Activation Lock makes it harder for anyone to use or sell an Apple Watch that’s been lost or stolen. Activation Lock requires the user’s Apple ID and password to unpair, erase, or reactivate an Apple Watch.
Secure pairing with iPhone
Apple Watch can be paired with only one iPhone at a time. When Apple Watch is unpaired, iPhone communicates instructions to erase all content and data from the watch.
Pairing Apple Watch with iPhone is secured using an out-of-band process to exchange public keys, followed by the Bluetooth Low Energy (BLE) link shared secret. Apple Watch displays an animated pattern, which is captured by the camera on iPhone. The pattern contains an encoded secret that’s used for BLE 4.1 out-of-band pairing. Standard BLE Passkey Entry is used as a fallback pairing method, if necessary.
After the BLE session is established and encrypted using the highest security protocol available in the Bluetooth Core Specification, iPhone and Apple Watch exchange keys using either:
A key exchange using IKEv2/IPsec. The initial key exchange is authenticated using either the Bluetooth session key (for pairing scenarios) or the IDS keys (for operating system update scenarios). Each device generates a random public and private 256-bit Ed25519 key pair, and during the initial key exchange process, the public keys are exchanged.
Note: The mechanism used for key exchange and encryption varies, depending on which operating system versions are on the iPhone and Apple Watch. iPhone devices running iOS 13 or later when paired with an Apple Watch running watchOS 6 or later use only IKEv2/IPsec for key exchange and encryption.
After keys have been exchanged:
The Bluetooth session key is discarded and all communications between iPhone and Apple Watch are encrypted using one of the methods listed above—with the encrypted Bluetooth, Wi-Fi, and cellular links providing a secondary encryption layer.
(IKEv2/IPsec only) The keys are stored in the System keychain and used for authenticating future IKEv2/IPsec sessions between the devices. Further communication between these devices is encrypted and integrity protected using AES-256-GCM on iPhone devices running iOS 15 or later paired with an Apple Watch Series 4 or later running watchOS 8 or later. (ChaCha20-Poly1305 with 256-bit keys is used on older devices or devices running older operating system versions.)
The Bluetooth Low Energy device address is rotated at 15-minute intervals to reduce the risk of the device being locally tracked if someone broadcasts a persistent identifier.
To support apps that need streaming data, encryption is provided with methods described in FaceTime security, using either the Apple Identity Service (IDS) provided by the paired iPhone or a direct internet connection.
Apple Watch implements hardware-encrypted storage and class-based protection of files and keychain items. Access-controlled keybags for keychain items are also used. Keys used to communicate between Apple Watch and iPhone are also secured using class-based protection. For more information, see Keybags for Data Protection.
Auto Unlock and Apple Watch
For greater convenience when using multiple Apple devices, some devices can automatically unlock others in certain situations. Auto Unlock supports three uses:
An Apple Watch can be unlocked by an iPhone.
A Mac can be unlocked by an Apple Watch.
An iPhone can be unlocked by an Apple Watch when a user is detected with their nose and mouth covered.
All three use cases are built upon the same basic foundation: a mutually authenticated Station-to-Station (STS) protocol, with Long-Term Keys exchanged at time of feature enablement and unique ephemeral session keys negotiated for each request. Regardless of the underlying communication channel, the STS tunnel is negotiated directly between the Secure Enclaves in both devices, and all cryptographic material is kept within that secure domain (with the exception of Mac computers without a Secure Enclave, which terminate the STS tunnel in the kernel).
A complete unlock sequence can be broken down in two phases. First, the device being unlocked (the “target”) generates a cryptographic unlock secret and sends it to the device performing the unlock (the “initiator”). Later, the initiator performs the unlock using the previously generated secret.
To arm auto unlock, the devices connect to each other using a BLE connection. Then a 32-byte unlock secret randomly generated by the target device is sent to the initiator over the STS tunnel. During the next biometric or passcode unlock, the target device wraps its passcode-derived key (PDK) with the unlock secret and discards the unlock secret from its memory.
To perform the unlock, the devices initiate a new BLE connection and then use peer-to-peer Wi-Fi to securely approximate the distance between each other. If the devices are within the specified range and the required security policies are met, the initiator sends its unlock secret to the target through the STS tunnel. The target then generates a new 32-byte unlock secret and returns it to the initiator. If the current unlock secret sent by the initiator successfully decrypts the unlock record, the target device is unlocked and the PDK is rewrapped with a new unlock secret. Finally, the new unlock secret and PDK are then discarded from the targetʼs memory.
Apple Watch Auto Unlock security policies
For added convenience, Apple Watch can be unlocked by an iPhone directly after initial startup, without requiring the user to first enter the passcode on the Apple Watch itself. To achieve this, the random unlock secret (generated during the very first unlock sequence after enablement of the feature) is used to create a long-term escrow record, which is stored in the Apple Watch keybag. The escrow record secret is stored in the iPhone keychain and used to bootstrap a new session after each Apple Watch restart.
iPhone Auto Unlock security policies
Additional security policies apply to iPhone Auto Unlock with Apple Watch. Apple Watch can’t be used in place of Face ID on iPhone for other operations, such as Apple Pay or app authorizations. When Apple Watch successfully unlocks a paired iPhone, the watch displays a notification and plays an associated haptic. If the user taps the Lock iPhone button in the notification, the watch sends the iPhone a lock command over BLE. When the iPhone receives the lock command, it locks and disables both Face ID and unlock using Apple Watch. The next iPhone unlock must be performed with the iPhone passcode.
Successfully unlocking a paired iPhone from Apple Watch (when enabled) requires that the following criteria be met:
iPhone must have been unlocked using another method at least once after the associated Apple Watch was placed on wrist and unlocked.
Sensors must be able to detect that the nose and mouth are covered.
Distance measured must be 2–3 meters or less
Apple Watch must not be in bedtime mode.
Apple Watch or iPhone must have been unlocked recently, or Apple Watch must have experienced physical motion indicating that the wearer is active (for example, not asleep).
iPhone must have been unlocked at least once in the past 6.5 hours.
iPhone must be in a state where Face ID is allowed to perform a device unlock. (For more information, see Face ID, Touch ID, passcodes, and passwords.)
Approve in macOS with Apple Watch
When Auto Unlock with Apple Watch is enabled, the Apple Watch can be used in place, or together with Touch ID, to approve authorization and authentication prompts from:
macOS and Apple apps that request authorization
Third-party apps that request authentication
Saved Safari passwords
Secure use of Wi-Fi, cellular, iCloud, and Gmail
When Apple Watch isn’t within Bluetooth range, Wi-Fi or cellular can be used instead. Apple Watch automatically joins Wi-Fi networks that have already been joined on the paired iPhone and whose credentials have synced to the Apple Watch while both devices were in range. This Auto-Join behavior can then be configured on a per-network basis in the Wi-Fi section of the Apple Watch Settings app. Wi-Fi networks that have never been joined before on either device can be manually joined in the Wi-Fi section of the Apple Watch Settings app.
When Apple Watch and iPhone are out of range, Apple Watch connects directly to iCloud and Gmail servers to fetch Mail, as opposed to syncing Mail data with the paired iPhone over the internet. For Gmail accounts, the user must authenticate to Google in the Mail section of the Watch app on iPhone. The OAuth token received from Google is sent over to Apple Watch in encrypted format over Apple Identity Service (IDS) so that it can be used to fetch Mail. This OAuth token is never used for connectivity with the Gmail server from the paired iPhone.