Apple has released its 2019 platform security guide that covers the company's efforts at different levels. This concerns hardware security and biometry, encryption and data protection, as well as network applications, services and security.
In its 2019 guide, Apple describes its approach to security and notes how it uses hardware, software, and services to achieve maximum security. This year, Apple has provided additional examples of security and privacy through offline device detection via the Find feature, as well as what it has done with firmware security on the Mac.
The document is over 150 pages long and is divided into the following sections:
- Material Security and Biometry: the hardware that forms the basis of security on Apple devices, including Secure Enclave, an AES ddi cryptographic engine, Touch ID and Face ID.
- System security: integrated hardware and software features that ensure safe boot, update, and operation of Apple operating systems.
- Cryptography and data protection: the architecture and design that protects user data in the event of loss or theft of the device or if an unauthorized person attempts to use or modify it.
- Application security: software and services that provide a secure application ecosystem and allow applications to run safely and without compromising the integrity of the platform.
- Security of services: Apple services for identifying, managing passwords, payments, communications, and finding lost devices.
- Network security: industry standard network protocols that provide secure authentication and encryption of transmitted data.
- Kit for developers: frameworks for secure and private management of home and health, as well as the extension of the functionality of Apple devices and services to third-party applications.
- Secure device management: methods that allow management of Apple devices, prevent unauthorized use and allow remote deletion in the event of loss or theft of a device.
- Certifications and security programs: information on ISO certifications, cryptographic validation, Common Criteria certification and the Commercial Solutions for Classified (CSfC) program.