Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Rapid Security Responses
- Operating system integrity
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorization with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
App protection and app groups in iOS, iPadOS, and visionOS
With iPhone, iPad, and Apple Vision Pro, organizations can protect apps securely by using the iOS SDK and by joining an App Group at the Apple Developer Portal.
Adopting Data Protection in apps
The Apple Software Development Kits (SDK) offer a full suite of APIs that make it easy for third-party and in-house developers to adopt Data Protection and help ensure the highest level of protection in their apps. Data Protection is available for file and database APIs, including NSFileManager, CoreData, NSData, and SQLite.
The Mail app database (including attachments), managed books, Safari bookmarks, app launch images, and location data are also stored through encryption, with keys protected by the user’s passcode on their device. Calendar (excluding attachments), Contacts, Reminders, Notes, Messages, and Photos implement the Data Protection
entitlement Protected Until First User Authentication.
User-installed apps that don’t opt in to a specific Data Protection class receive Protected Until First User Authentication by default.
Joining an App Group
Apps and extensions owned by a given developer account can share content when configured to be part of an App Group. It’s up to the developer to create the appropriate groups on the Apple Developer Portal and include the desired set of apps and extensions. Once configured to be part of an App Group, apps have access to the following:
A shared on-volume container for storage, which stays on the device as long as at least one app from the group is installed
Shared preferences
Shared keychain items
The Apple Developer Portal helps ensure that App group IDs (GIDs) are unique across the app ecosystem.