Apple has released its 2019 Security guide that covers the company’s efforts across a variety of levels including hardware security and biometrics, encryption and data protection, as well as app, services, and network security.
Apple opens the 2019 Platform Security guide with a description of its approach and notes how it leverages hardware, software, and services for “maximum security:”
Apple designs security into the core of its platforms. Building on the experience of creating the worldʼs most advanced mobile operating system, Apple has created security architectures that address the unique requirements of mobile, watch, desktop, and home.
Every Apple device combines hardware, software, and services designed to work together for maximum security and a transparent user experience in service of the ultimate goal of keeping personal information safe. Custom security hardware powers critical security features. Software protections work to keep the operating system and third-party apps safe. Services provide a mechanism for secure and timely software updates, power a safer app ecosystem, secure communications and payments, and provide a safer experience on the Internet. Apple devices protect not only the device and its data, but the entire ecosystem, including everything users do locally, on networks, and with key Internet services.
This year, Apple calls out examples of pushing security and privacy further, citing Find My offline device tracking as well as its work on Mac firmware security.
Apple continues to push the boundaries of what is possible in security and privacy. For example, Find My uses existing cryptographic primitives to enable the groundbreaking capability of distributed finding of an offline Mac — without exposing to anyone, including Apple, the identity or location data of any of the users involved. To enhance Mac firmware security, Apple has leveraged an analog to page tables to block inappropriate access from peripherals, but at a point so early in the boot process that RAM hasn’t yet been loaded. And as attackers continue to increase the sophistication of their exploit techniques, Apple is dynamically controlling memory execution privileges for iPhone and iPad by leveraging custom CPU instructions — unavailable on any other mobile devices — to thwart compromise. Just as important as the innovation of new security capabilities, new features are built with privacy and security at the center of their design.
The whole document is over 150 pages and is broken down into the following sections:
- Hardware Security and Biometrics: The hardware that forms the foundation for security on Apple devices, including the Secure Enclave, a dedicated AES crypto engine, Touch ID, and Face ID.
- System Security: The integrated hardware and software functions that provide for the safe boot, update, and ongoing operation of Apple operating systems.
- Encryption and Data Protection: The architecture and design that protects user data if the device is lost or stolen, or if an unauthorized person attempts to use or modify it.
- App Security: The software and services that provide a safe app ecosystem and enable apps to run securely and without compromising platform integrity.
- Services Security: Appleʼs services for identification, password management, payments, communications, and finding lost devices.
- Network Security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
- Developer Kits: Frameworks for secure and private management of home and health, as well as extension of Apple device and service capabilities to third-party apps.
- Secure Device Management: Methods that allow management of Apple devices, prevent unauthorized use, and enable remote wipe if a device is lost or stolen.
- Security Certifications and Programs: Information on ISO certifications, Cryptographic validation, Common Criteria Certification, and the Commercial Solutions for Classified (CSfC) Program.
Check out the full 2019 Apple Platform Security guide here.