Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Operating system integrity
- Activating data connections securely
- Verifying accessories
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorization with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
Protecting user data in the face of attack
Attackers attempting to extract user data often try a number of techniques: extracting the encrypted data to another medium for brute-force attack, manipulating the operating system version, or otherwise changing or weakening the security policy of the device to facilitate attack. Attacking data on a device often requires communicating with the device using physical interfaces like Thunderbolt, Lightning, or USB-C. Apple devices include features to help prevent such attacks.
Apple devices support a technology called Sealed Key Protection (SKP) that’s designed to ensure that cryptographic material is rendered unavailable off device, or that’s used if manipulations are made to operating system versions or security settings without appropriate user authorization. This feature is not provided by the Secure Enclave; instead, it’s supported by hardware registers that exist at a lower layer to provide an additional layer of protection to the keys necessary to decrypt user data independent of the Secure Enclave.
Note: SKP is available only on devices with an Apple-designed SoC.
Feature | A11–A17 S3–S9 M1, M2, M3 | ||||||||||
Sealed Key Protection |
| ||||||||||
iPhone and iPad devices can also be configured to only activate data connections in conditions more likely to indicate the device is still under the physical control of the authorized owner.