3 Major Updates from Apple’s Latest Security White Paper

Apple’s longstanding commitment to security garnered a good deal of publicity during the company’s legal clash with the FBI over decrypting the San Bernardino shooter’s iPhone 5c. But the whitepapers that Cupertino releases every few years grant the public an unparalleled glimpse into the security philosophy and approach of the world’s most valuable tech company. It also gives users a measure of ease in an era where just about everything seems to be evolving into a digital eye that can turn on you.

Apple’s newly released a new security whitepaper on iOS 10 details the security enhancements it’s made to Touch ID and HomeKit, among other things, Techcrunch reports. It’s the first such whitepaper to come out from Cupertino since September 2015, and shows how Apple engineers continually strive to live up to the unofficial mantra of “balancing security with ease of use” and provide advanced cyber-protections while actually improving the user experience.

As the whitepaper notes, security is a key consideration at the core of the iOS platform: “Every iOS device combines software, hardware, and services designed to work together for maximum security and a transparent user experience”.

3. Touch ID

Touch ID is one example of a simple and intuitive security measure that makes it easy to unlock your iPhone, which is great because Apple’s average users unlock their iPhones around 80 times per day.

Since the biometric login feature first debuted, Apple has expanded its use to Apple Pay and to approving purchase from the App Store, Book Store, and iTunes Store. Since iOS 9’s debut, Touch ID has also been made available to third-party iOS developers, allowing apps to ask users to authenticate logins with a fingerprint. However, the white paper notes that for an extra measure of safety, “the app is only notified as to whether the authentication was successful; it can’t access Touch ID or the data associated with the enrolled fingerprint.”

2. Apple Pay

To protect your financial information, Apple Pay never collects data that can be traced back to you during a transaction. This protection extends to cases where you’re making payments within iOS apps and watchOS apps using Apple Pay. When you make an Apple Pay transaction within an app, Apple receives encrypted information from your device. It then re-encrypts that info with a developer-specific key before sending it along to the third-party merchant, so that your transaction info and what you’re purchasing can’t be traced back to you. Apple does however hold onto anonymous information such as the approximate purchase amount.

1. Siri

Siri has an easy time fielding requests to use Apple apps. It can place phone calls, schedule meetings and reminders, and perform internet searches. But Apple explains why Siri tends to run into issues when working with third-party apps. It largely depends on how much information you allow your third-party apps to access, and what kind of privacy settings you have in place: “Although Siri has access to iOS contacts and the device’s current location, Siri checks the permission to access iOS-protected user data of the app containing the Extension to see if the app has access before providing that information to it.”

So if Venmo doesn’t have access to your iOS contacts, you can’t ask Siri to Venmo money to your mom, because the app doesn’t have permission to access your mom’s contact information: “For example, if the app doesn’t have access to iOS contacts, Siri won’t resolve a relationship in a user request such as “Pay my mother $10 using PaymentApp.” In this case, the Extension’s app would only see “mother” through the raw utterance fragment being passed to it.” 

What do you think about Apple’s tight security measures?  
Let us know in the comments below.