Apple Platform Security
iCloud Keychain security overview
iCloud allows users to securely sync their passwords between iOS and iPadOS devices and Mac computers without exposing that information to Apple. In addition to strong privacy and security, other goals that heavily influenced the design and architecture of iCloud Keychain were ease of use and the ability to recover a keychain. iCloud Keychain consists of two services: keychain syncing and keychain recovery.
Apple designed iCloud Keychain and keychain recovery so that a user’s passwords are still protected under the following conditions:
- A user’s iCloud account is compromised.
- iCloud is compromised by an external attacker or employee.
- A third party accesses user accounts.
Password manager integration with iCloud Keychain
iOS, iPadOS and macOS can automatically generate cryptographically strong random strings to use as account passwords in Safari. iOS and iPadOS can also generate strong passwords for apps. Generated passwords are stored in the keychain and synced to other devices. Keychain items are transferred from device to device, travelling through Apple servers, but are encrypted in such a way that Apple and other devices can’t read their contents.