Apple Platform Security

Protecting app access to user data
In addition to encrypting data at rest, Apple devices help prevent apps from accessing a user’s personal information without permission using various technologies including Data Vault. In Settings in iOS and iPadOS, or System Preferences in macOS, users can see which apps they have permitted to access certain information as well as grant or revoke any future access. Access is enforced in the following:
- iOS, iPadOS, and macOS: Calendars, Camera, Contacts, Microphone, Photos, Reminders, Speech recognition
- iOS and iPadOS: Bluetooth, Home, Media, Media apps and Apple Music, Motion and fitness
- iOS and watchOS: Health
- macOS: Input monitoring (for example, keyboard strokes), Prompt, Screen recording (for example, static screen shots and video), System Preferences
In iOS 13.4 or later and iPadOS 13.4 or later, all third-party apps automatically have their data protected in a Data Vault. Data Vault helps protect against unauthorized access to the data, even from processes that aren’t themselves sandboxed. Additional classes in iOS 15 or later include Local Network, Nearby Interactions, Research Sensor & Usage Data, and Focus.
If the user signs in to iCloud, apps in iOS and iPadOS are granted access by default to iCloud Drive. Users may control each app’s access under iCloud in Settings. iOS and iPadOS also provide restrictions designed to prevent data movement between apps and accounts installed by a mobile device management (MDM) solution and those installed by the user.