In conjunction with the release of iOS 12 today, Apple has released a new version of its iOS Security Guide. This update includes new details on the Secure Enclave, DFU and recovery mode, Screen Time, Shortcuts, and more.
Apple releases updated versions of its Security Guide several times per year, generally coinciding with the release of a major new iOS update or feature. For instance, alongside the iPhone X, it released a new version of the Security Guide with details on Face ID.
First off, today’s revision to the Security Guide includes new details on Shortcuts. Apple says that Siri suggestions for apps and shortcuts are generated with on-device machine learning, ensuring that no identifiable data goes to Apple:
Elsewhere, Apple offers a handful of details on iOS’s Password Management feature. The company says applications cannot access the Password AutoFill keychain without direct user permission. Apple also says that access is granted to iOS apps only if the app developer and website administrator have given approval:
Shortcuts added to Siri are synced across all Apple devices using iCloud, and encrypted using CloudKit end-to-end encryption. The phrases associated with shortcuts are synced to the Siri server for speech recognition, and associated with the random Siri identifier described in the Siri section. Apple doesn’t receive the contents of the shortcuts, which are stored locally in a data vault.
iOS 12 also includes support for multiple appearances in Face ID, but Apple notes that adding a second appearance will increase the probability of a random person being able to unlock your device from 1 in 1,000,000 to 1 in 500,000.
Apple’s full Security Guide can be viewed here. It’s most definitely worth a read if you’re curious about just how extensive Apple’s commitment to security and user privacy is.
