Apple Publishes Updated iOS Security Guide

Apple today published an updated version of its iOS security guide with the release of iOS 12, and it’s packed with new security improvements and settings every user needs to know about.

According to the newly-published iOS 12 security guide update, new security features in iOS 12 plus easier access to security will help enterprise users protect their data, while performance improvements will help them keep devices in service longer.

“Every iOS device combines software, hardware, and services designed to work together for maximum security and a transparent user experience,” begins the security guide. “iOS protects not only the device and its data at rest, but the entire ecosystem, including everything users do locally, on networks, and with key internet services.”

Apple’s updated guide covers a number of new iOS 12 features including the Shortcuts app, Screen Time, iOS’s Password Management feature, Face ID, and more.

According to Apple, Siri suggestions for apps and shortcuts are generated with on-device machine learning to ensure that no related data is sent to Apple:

Siri suggestions for apps and shortcuts are generated using on-device machine learning. No data goes to Apple except information which can’t be used to identify the user about what signals were useful predictors of shortcuts or app launches. […]

Shortcuts added to Siri are synced across all Apple devices using iCloud, and encrypted using CloudKit end-to-end encryption. The phrases associated with shortcuts are synced to the Siri server for speech recognition, and associated with the random Siri identifier described in the Siri section. Apple doesn’t receive the contents of the shortcuts, which are stored locally in a data vault.

One of iOS 12’s most-wanted features, Screen Time, makes use of CloudKit’s end-to-end encryption to protect users’ usage data, only collection Screen Time information if iPhone and Apple Watch analytics are turned on. Apple monitors whether Screen Time was enabled during Setup Assistant, whether Screen Time is enabled, whether Downtime is enabled, the number of times the “Ask for more” feature is used, and the number of app limits applied.

iOS’s Password Management sees some security upgrades as well; applications cannot access the Password AutoFill keychain anymore without direct user permission. Apple has also given certain apps access only if both the developer and website administrator have given approval:

Apps can’t access the Password AutoFill keychain without user permission. Credentials saved to the Password AutoFill keychain are synchronized across devices with iCloud Keychain when it is enabled. […]

Access is granted to iOS apps only if the app developer and website administrator have given their approval, and the user has given consent. App developers express their intent to access Safari saved passwords by including an entitlement in their app.

One of the most-requested features that has made its way to iOS 12 is multiple appearance support in Face ID, however, Apple has noted that adding a second appearance increases the probability of a random person unlocking your device from 1 in 1,000,000 to 1 in 500,000:

The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).

Apple’s full Security Guide can be viewed here. It’s worth a read if you’re serious about learning the various ways Apple works to keep its products safe for its users.