Skip to main content

Apple updates iOS Security Guide w/ details on Shortcuts, multi appearance Face ID, more

In conjunction with the release of iOS 12 today, Apple has released a new version of its iOS Security Guide. This update includes new details on the Secure Enclave, DFU and recovery mode, Screen Time, Shortcuts, and more.

Apple releases updated versions of its Security Guide several times per year, generally coinciding with the release of a major new iOS update or feature. For instance, alongside the iPhone X, it released a new version of the Security Guide with details on Face ID.

First off, today’s revision to the Security Guide includes new details on Shortcuts. Apple says that Siri suggestions for apps and shortcuts are generated with on-device machine learning, ensuring that no identifiable data goes to Apple:

Siri suggestions for apps and shortcuts are generated using on-device machine learning. No data goes to Apple except information which can’t be used to identify the user about what signals were useful predictors of shortcuts or app launches.

Shortcuts added to Siri are synced across all Apple devices using iCloud, and encrypted using CloudKit end-to-end encryption. The phrases associated with shortcuts are synced to the Siri server for speech recognition, and associated with the random Siri identifier described in the Siri section. Apple doesn’t receive the contents of the shortcuts, which are stored locally in a data vault.

Elsewhere, Apple offers a handful of details on iOS’s Password Management feature. The company says applications cannot access the Password AutoFill keychain without direct user permission. Apple also says that access is granted to iOS apps only if the app developer and website administrator have given approval:

Apps can’t access the Password AutoFill keychain without user permission. Credentials saved to the Password AutoFill keychain are synchronized across devices with iCloud Keychain when it is enabled.

Access is granted to iOS apps only if the app developer and website administrator have given their approval, and the user has given consent. App developers express their intent to access Safari saved passwords by including an entitlement in their app.

iOS 12 also includes support for multiple appearances in Face ID, but Apple notes that adding a second appearance will increase the probability of a random person being able to unlock your device from 1 in 1,000,000 to 1 in 500,000.

The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).

Apple’s full Security Guide can be viewed here. It’s most definitely worth a read if you’re curious about just how extensive Apple’s commitment to security and user privacy is.


Subscribe to 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications