9to5Mac is brought to you by Incogni: Protect your personal info from prying eyes. With Incogni, you can scrub your deeply sensitive information from data brokers across the web, including people search sites. Incogni limits your phone number, address, email, SSN, and more from circulating. Fight back against unwanted data brokers with a 30-day money back guarantee.
Apple has a reputation for prioritizing the privacy of its customers, and that commitment begins right at the chip design level.
Here’s a look at the eight layers of Apple security protecting the personal data stored on both your Apple devices and in iCloud …
1. Hardware security
Apple’s hardware security measures begin at the most basic level, with the Boot ROM found in all its chips. This is code that cannot be overwritten by anyone, not even Apple, and the company says this is what forms “the hardware root of trust.” The Boot ROM is responsible for verifying that only trusted OS software signed by Apple is allowed to load at startup.
The Secure Enclave (SE) is perhaps the best-known Apple security hardware. This is the chip used to store your device passcode or password, as well as the biometric data used for Face ID and Touch ID. Crucially, not even Apple’s own operating systems can access the data stored in the SE.
For example, when you use Face ID to unlock your iPhone, iOS asks the SE chip to verify your identity. The chip responds only with a ‘Yes’ or ‘No’ – it never reveals any of the data used to reach this conclusion. The SE chip has its own secure Boot ROM with exactly the same protections as the main processor.
Finally, user data is encrypted and decrypted on the fly using a very similar approach to the SE. Let’s say you use Touch ID on your Mac to open a locked Note. macOS asks the SE chip whether Touch ID confirmed your identity, and the chip says Yes. But it doesn’t end there: macOS still can’t access the content of the encrypted note itself; instead it asks a dedicated AES hardware engine to decrypt it.
So even within an A-series or M-series chip, there are multiple chips devoted to ensuring that not even the operating system can directly access your most sensitive data.
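The same hardware boundary is exposed to apps through Secure Enclave-resident keys. This added Swift example (not from the article or from Apple) asks the enclave to sign a challenge with a key it generated internally, gated by Face ID or Touch ID; the app only ever receives the signature and the public key, never the private key or the biometric data. It assumes a device with a Secure Enclave and enrolled biometrics.

```swift
import CryptoKit
import Foundation
import LocalAuthentication
import Security

// Assumption: the device has a Secure Enclave and Face ID / Touch ID enrolled.

/// Generates a P-256 signing key inside the Secure Enclave. The private half never
/// leaves the enclave; using it requires the currently enrolled biometrics.
func makeEnclaveKey() throws -> SecureEnclave.P256.Signing.PrivateKey {
    guard SecureEnclave.isAvailable else {
        throw NSError(domain: "EnclaveExample", code: 1,
                      userInfo: [NSLocalizedDescriptionKey: "No Secure Enclave on this device"])
    }
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,   // key is bound to this device
            [.privateKeyUsage, .biometryCurrentSet],        // every use needs Face/Touch ID
            &cfError) else {
        throw cfError!.takeRetainedValue() as Error
    }
    let context = LAContext()
    context.localizedReason = "Confirm it is you before signing"
    return try SecureEnclave.P256.Signing.PrivateKey(accessControl: access,
                                                     authenticationContext: context)
}

/// Signs a challenge with the enclave key and verifies the result with the public half.
/// The app only ever sees the signature (the "answer"), never the key or the face data.
func signAndVerify(challenge: Data) throws -> Bool {
    let key = try makeEnclaveKey()
    let signature = try key.signature(for: challenge)   // biometric prompt happens here
    return key.publicKey.isValidSignature(signature, for: challenge)
}

// Constructed sample challenge, like one a server would send for a login.
let ok = try signAndVerify(challenge: Data("nonce-1234".utf8))
print("Enclave signature valid:", ok)
```

To reuse the key later, persist `key.dataRepresentation`: it is an opaque blob that only this device's enclave can use, not the key material itself.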
2. Operating system security
We’ve already seen some of the ways in which the hardware layer protects the integrity of the operating system. This is backed by OS features designed to ensure that only trusted code is allowed to run, with a number of checks performed every time particular sections of code run.
The details are complex, but let’s take the kernel as an example. This is the name given to the core part of the OS that manages everything else. As soon as the kernel has booted, Kernel Integrity Protection (KIP) is switched on. This ensures that nothing can be written to the memory region in which the kernel is stored, and the hardware used to enable KIP is locked as soon as it has booted to ensure that it cannot be reconfigured.
This is just one of six OS-level protections used by Apple.
3. File encryption
Apple devices encrypt user data, using a technology known as Data Protection. This is now used for all Apple devices except Intel Macs, which use an older tech called FileVault.
Every time you (or one of your apps) create a new file, Data Protection creates a new 256-bit key and gives it to the AES hardware engine. The AES chip then uses that key to encrypt your data as it is written to the file. For full protection on a Mac, you need to switch on FileVault (Apple continues to use this term on Apple Silicon Macs purely for familiarity).
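Apps choose which Data Protection class a file gets. This added Swift example (not from the article) writes a file under the Complete class, whose per-file key is only available while the device is unlocked, and reads the attribute back to confirm it was applied; it assumes it runs on an iOS or iPadOS device.

```swift
import Foundation

// Assumption: runs on an iOS/iPadOS device; the simulator accepts the option
// but does not enforce per-file keys.

/// Writes `contents` under Data Protection class Complete (key available only
/// while the device is unlocked) and returns the class the file system reports.
func writeFullyProtected(_ contents: Data, to url: URL) throws -> FileProtectionType? {
    try contents.write(to: url, options: [.atomic, .completeFileProtection])
    return try protectionClass(of: url)
}

/// Reads back the protection class attribute of an existing file.
func protectionClass(of url: URL) throws -> FileProtectionType? {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    guard let raw = attrs[.protectionKey] as? String else { return nil }
    return FileProtectionType(rawValue: raw)
}

// Constructed sample: a note saved in the app's Documents directory.
let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
let noteURL = docs.appendingPathComponent("secret-note.txt")
let applied = try writeFullyProtected(Data("example note".utf8), to: noteURL)
// Anything other than .complete means the stronger class was not applied.
print("Protection class:", applied == .complete ? "Complete" : (applied?.rawValue ?? "none"))
```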
4. App security
Apple has multiple layers of app security, starting with a requirement that all apps are notarized by Apple, confirming that they have been checked for malware and are subjected to a built-in anti-virus check when run.
Additionally, a process known as sandboxing is used, which means that by default an app can only access data belonging to that app, and cannot make changes to the device. Where an app wants to access data from other apps (a third-party calendar app, for example), it can only do so with permission, using specific services provided by Apple.
All third-party apps (and most Apple ones) run as a non-privileged user, and have to use Apple-written APIs to access the OS. This means there’s no way for an app to do anything Apple doesn’t explicitly allow, so there’s no way for them to make changes to the OS, modify other apps, or escalate their own privileges.
5. Services security
Apple uses extensive individual security measures for each of its services, and it isn’t feasible to summarize all of these, so I’ll use iMessage as an example.
All iMessages use end-to-end encryption, meaning that not even Apple can read them. When you message a new person, Apple first looks them up in the Apple Identity Service (IDS) database. From this, it retrieves their public key, and the unique identifiers for each of their registered devices.
Messages are individually encrypted for each of the recipient’s devices, using a key that only that device knows. In the case of attachments like photos, the attachment is encrypted with a randomly generated 256-bit key and then uploaded to iCloud. The link and key are then encrypted in the same way as the iMessage itself and sent to the recipient’s device, which silently uses that data to download and decrypt the attachment.
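As an added example that is not Apple's code or protocol, here is a CryptoKit model of the attachment flow just described: one random 256-bit key for the attachment, and the link plus that key sealed separately for each of the recipient's registered devices. The device key pairs, HKDF and AES-GCM are assumptions standing in for details the article does not give.

```swift
import CryptoKit
import Foundation

// Assumptions (constructed model, not Apple's protocol): each device owns a Curve25519 key
// pair whose public half the sender looked up; HKDF/AES-GCM stand in for unnamed algorithms.
/// What one recipient device receives alongside the uploaded attachment blob.
struct Envelope {
    let deviceID: String
    let senderPub: Curve25519.KeyAgreement.PublicKey   // ephemeral, fresh per message
    let sealedLinkAndKey: Data                           // AES-GCM nonce + ciphertext + tag
}
/// Per-device wrapping key: ECDH shared secret through HKDF, bound to the device ID.
func wrapKey(_ priv: Curve25519.KeyAgreement.PrivateKey, _ peer: Curve25519.KeyAgreement.PublicKey,
             deviceID: String) throws -> SymmetricKey {
    try priv.sharedSecretFromKeyAgreement(with: peer).hkdfDerivedSymmetricKey(
        using: SHA256.self, salt: Data(), sharedInfo: Data(deviceID.utf8), outputByteCount: 32)
}
/// Sender: encrypt the attachment once with a random 256-bit key, then seal
/// "<link>\0<key>" separately for every registered device of the recipient.
func send(_ attachment: Data, link: String,
          devices: [(id: String, pub: Curve25519.KeyAgreement.PublicKey)])
          throws -> (blob: Data, envelopes: [Envelope]) {
    let fileKey = SymmetricKey(size: .bits256)
    let blob = try AES.GCM.seal(attachment, using: fileKey).combined!   // this goes to iCloud
    let ephemeral = Curve25519.KeyAgreement.PrivateKey()
    let payload = Data(link.utf8) + Data([0]) + fileKey.withUnsafeBytes { Data($0) }
    let envelopes = try devices.map { dev -> Envelope in
        let sealed = try AES.GCM.seal(payload, using: wrapKey(ephemeral, dev.pub, deviceID: dev.id))
        return Envelope(deviceID: dev.id, senderPub: ephemeral.publicKey, sealedLinkAndKey: sealed.combined!)
    }
    return (blob, envelopes)
}
/// One recipient device: unwrap its own envelope, then decrypt the downloaded blob.
func receive(_ env: Envelope, blob: Data, devicePriv: Curve25519.KeyAgreement.PrivateKey)
             throws -> (link: String, attachment: Data) {
    let wk = try wrapKey(devicePriv, env.senderPub, deviceID: env.deviceID)
    let payload = try AES.GCM.open(AES.GCM.SealedBox(combined: env.sealedLinkAndKey), using: wk)
    let sep = payload.firstIndex(of: 0)!   // the link never contains a zero byte
    let link = String(decoding: payload[payload.startIndex..<sep], as: UTF8.self)
    let fileKey = SymmetricKey(data: payload[(sep + 1)...])
    return try (link, AES.GCM.open(AES.GCM.SealedBox(combined: blob), using: fileKey))
}
// Constructed sample: one recipient with two registered devices; the Mac reads its own copy.
let phone = Curve25519.KeyAgreement.PrivateKey(), mac = Curve25519.KeyAgreement.PrivateKey()
let (blob, envs) = try send(Data("photo bytes".utf8), link: "icloud://example/att/1",
                            devices: [(id: "iphone", pub: phone.publicKey), (id: "mac", pub: mac.publicKey)])
let onMac = try receive(envs[1], blob: blob, devicePriv: mac)
print(onMac.link, String(decoding: onMac.attachment, as: UTF8.self))
```

Handing the phone's envelope to the Mac fails authentication in `AES.GCM.open`, which is the property the article describes: each device can only open its own copy.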
6. Network security
As with services, Apple has extensive protections for each element of its network service, and the details are very dense.
But just to give a flavor, let’s look at MAC addresses. Every device capable of connecting to a wireless network has a unique address known as its MAC (Media Access Control) address. This can be used by networks to identify specific devices, and potentially by hackers to target them.
To ensure privacy, Apple hides your actual MAC address and instead uses a random one. There is a technique that can be used to identify the true MAC address, so Apple implements an additional form of protection to defeat this (for network geeks, a random offset in the timing synchronisation function).
7. Developer kits
Similarly, security and privacy are at the heart of each of Apple’s ‘kit’ frameworks, like HomeKit.
Taking that as an example, all communication between Apple devices and HomeKit products uses end-to-end encryption. When you use your iPhone to add a HomeKit product to your network, the Home app will ask the device to prove that it has HomeKit or Matter certification. Once verified, the two ends exchange codes to create a unique end-to-end encryption key used only to communicate with that specific device.
End-to-end encryption protects not just commands, but also state checks – for example, a lightbulb won’t even tell your Home app whether it is on or off without encrypting that message using a key known only by your home.
8. Secure device management
Finally, Apple lets corporations impose their own security policies on managed devices.
A company can remotely configure and update any company device, and set rules that will be enforced by the operating system. For example, when your company issues an iPhone to you it can set a requirement for you to use a complex password instead of a 6-digit numeric one, and your iPhone will reject any password that doesn’t meet the company’s requirements. It can also block particular apps from being installed. Managed devices can also be remotely erased.
These are just examples – you can find a detailed guide to Apple security in this document.
Photo by Martin Sanchez on Unsplash