Apple fortifies platform security for billions of its devices
In an extra push to secure one billion iPhones and millions of other devices like iPads and Macs, Apple has released a comprehensive Platform Security guide that takes its security-built-into-hardware approach to a new level.
The updated Platform Security document describes how Macs built on Apple's M1 silicon now handle security in much the same way as iPhones.
“Secure software requires a foundation of security built into hardware. That’s why Apple devices — running iOS, iPadOS, macOS, tvOS or watchOS — have security capabilities designed into silicon,” the company said in its update.
Building on the unique capabilities of Apple hardware, system security is designed to maximise the security of the operating systems on Apple devices without compromising usability.
“System security encompasses the boot-up process, software updates and the ongoing operation of the OS,” Apple said.
The latest Platform Security guide is an in-depth take on the new and updated security features that arrived with iOS 14, macOS 11 Big Sur, Apple Silicon Macs, watchOS 7, and more.
The most critical component is the Secure Enclave coprocessor, which is present in all modern iOS, iPadOS, watchOS and tvOS devices, and in Macs with the Apple T2 Security Chip or Apple silicon.
All modern iPhones and iPads, and Macs with a T2 chip or Apple silicon, also include a dedicated AES hardware engine, so files are encrypted and decrypted at line speed as they are written and read.
“This ensures that Data Protection and FileVault protect users’ files without exposing long-lived encryption keys to the CPU or operating system,” Apple explained.
Secure boot of Apple devices ensures that the lowest levels of software aren’t tampered with and that only trusted operating system software from Apple loads at startup.
On iOS and iPadOS devices, security begins in immutable code called the Boot ROM, which is laid down during chip fabrication and serves as the hardware root of trust: it verifies the next stage of the boot chain before handing over control, and each stage in turn verifies the one that follows.
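To make the chain-of-trust idea concrete, here is an added, self-contained model of secure boot written for this article; it is not Apple's code and does not use Apple's image format. A Boot ROM (here just a variable holding the root public key) verifies the first image; every image carries its own payload, the public key of the next stage, and a signature over both made with the previous stage's private key. Lamport one-time signatures over SHA-256 are used purely so the example runs on the Python standard library; Apple's real chain uses a different signature scheme, and the stage names (`iBoot`, `kernelcache`) are illustrative labels only. The tampering helpers show that modifying a later stage, or re-signing it with a key the previous stage never vouched for, stops the boot at that stage.

```python
"""Model of a secure-boot chain of trust (added illustration, not Apple's implementation).

Lamport one-time signatures stand in for the production signature scheme so the
example needs only the standard library.
"""
import copy
import hashlib
import os

N = 256  # one key pair per bit of the SHA-256 digest being signed


def keygen():
    """Lamport keypair: 256 pairs of secret 32-byte values and their SHA-256 hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bit(digest, i):
    return (digest[i // 8] >> (7 - i % 8)) & 1


def sign(sk, msg):
    """Reveal one secret per digest bit; the revealed value commits to that bit."""
    h = hashlib.sha256(msg).digest()
    return [sk[i][_bit(h, i)] for i in range(N)]


def verify(pk, msg, sig):
    h = hashlib.sha256(msg).digest()
    return all(hashlib.sha256(s).digest() == pk[i][_bit(h, i)] for i, s in enumerate(sig))


def pk_bytes(pk):
    return b"".join(a + b for a, b in pk)


def image_body(img):
    """The bytes a stage's signature covers: its payload plus the next stage's public key."""
    return img["payload"] + pk_bytes(img["next_pk"])


def build_chain(stage_payloads):
    """Sign stage k with key k-1; key 0 is the root key held by the Boot ROM.

    Returns (root_public_key, list_of_images).
    """
    keys = [keygen() for _ in range(len(stage_payloads) + 1)]
    images = []
    for k, payload in enumerate(stage_payloads):
        signer_sk, _ = keys[k]
        _, next_pk = keys[k + 1]
        img = {"payload": payload, "next_pk": next_pk}
        img["sig"] = sign(signer_sk, image_body(img))
        images.append(img)
    return keys[0][1], images


def boot(root_pk, images):
    """Emulate the Boot ROM walking the chain; returns the payloads that were allowed to run."""
    trusted_pk = root_pk  # immutable root of trust
    booted = []
    for img in images:
        if not verify(trusted_pk, image_body(img), img["sig"]):
            break  # untrusted stage: stop here, nothing after it runs
        booted.append(img["payload"])
        trusted_pk = img["next_pk"]  # this stage vouches for the next key
    return booted


def tamper_payload(images, k, new_payload):
    """Attacker patches stage k's code without being able to re-sign it."""
    bad = copy.deepcopy(images)
    bad[k]["payload"] = new_payload
    return bad


def resign_with_attacker_key(images, k):
    """Attacker re-signs stage k with a key of their own; the previous stage never vouched for it."""
    attacker_sk, _ = keygen()
    bad = copy.deepcopy(images)
    bad[k]["sig"] = sign(attacker_sk, image_body(bad[k]))
    return bad


if __name__ == "__main__":
    root_pk, chain = build_chain([b"iBoot", b"kernelcache"])  # constructed stage labels
    print("clean boot:", boot(root_pk, chain))
    print("patched kernel:", boot(root_pk, tamper_payload(chain, 1, b"kernelcache-patched")))
    print("attacker-signed kernel:", boot(root_pk, resign_with_attacker_key(chain, 1)))
```

A clean chain boots every stage; a patched or foreign-signed kernel stops the walk at iBoot, which is exactly the property the guide attributes to Boot ROM-anchored secure boot.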
The Secure Enclave enables Touch ID and Face ID on Apple devices to provide secure authentication while keeping user biometric data private and secure.
“This enables users to enjoy the security of longer and more complex passcodes and passwords with, in many situations, the convenience of swift authentication,” according to the new update.
iOS and iPadOS devices use a file encryption methodology called Data Protection, while the data on Mac computers is protected with a volume encryption technology called FileVault.
Apple also detailed how it secures the millions of apps distributed through the App Store.
“Apple provides layers of protection to ensure that apps are free of known malware and haven’t been tampered with. Additional protections enforce that access from apps to user data is carefully mediated,” the guide says.
Users can therefore run these apps on their Apple devices without undue fear of viruses, malware or other unauthorised access to their data.
On iPhone, iPad and iPod touch, all apps are obtained from the App Store — and all apps are sandboxed — to provide the tightest controls.
On Mac, many apps are obtained from the App Store but Mac users also download and use apps from the internet. To safely support internet downloading, macOS layers additional controls.