Apple Shares Updated iOS Security Guide With Info on Face ID, Apple Pay Cash and More

[MacRumors]

Apple this afternoon published an updated version of its iOS Security white paper for iOS 11 [PDF], with information that covers features introduced in iOS 11.1 and iOS 11.2, like Face ID and Apple Pay Cash.

Much of the information in the document on Face ID has been previously shared by Apple in a dedicated Face ID white paper and accompanying support document that was released in September following the iPhone X's announcement, but the Face ID section is worth a re-read for those who are interested in Face ID security.

The document also covers several other topics, such as Shared Notes, CloudKit, Siri Suggestions, and more, with a full list of updates below:

Updated for iOS 11.2
- Apple Pay Cash

Updated for iOS 11.1
- Security Certifications and Programs
- Touch ID/Face ID
- Shared Notes
- CloudKit end-to-end encryption
- TLS
- Apple Pay, Paying with Apple Pay on the web
- Siri Suggestions
- Shared iPad

The document explains in detail how Apple features work and how they're protected. With Apple Pay Cash, for example, Apple says transaction data is stored for troubleshooting and fraud protection, while all money transfers are done securely using the Secure Element as with other Apple Pay transactions.

There are many small but significant details in the paper about all of the topics listed above, and for anyone who is interested in the security of their iPhones and iPads, it's worth checking out in detail.

Prior to today's update, the last update to the iOS security document was in July of 2017 following the release of iOS 10.3.

Article Link: Apple Shares Updated iOS Security Guide With Info on Face ID, Apple Pay Cash and More

 

[OldSchoolMacGuy]

Thread will be filled with unrelated complaints about macOS security.

 

[341328]

The dumb buyers will trust anyone with their face data.... some random chinese company where your face data will be shared around online.

 

[Chazzle]

The dumb buyers will trust anyone with their face data.... some random chinese company where your face data will be shared around online.

Huh, didn’t realize Apple was some random Chinese company that shares your data online.

 

[EdT]

Thread will be filled with unrelated complaints about macOS security.

And it was the next post after yours.

 

[Baymowe335]

Hardly anyone will read the entire pdf but almost everyone will have strong opinions on Apples ability to innovate, secure, and write software.

 

[Aussi3]

My face data points is safe with Apple! No one will making a mask anytime soon.

 

[SecuritySteve]

WHOA. Huge deal here that everyone seems to be overlooking. Page 73 in regards to the Apple Bounty for vulnerability researchers (like me) now no longer only applies to Apple partners. This opening up of the system is a big change from when Apple first announced this at DEFCON.

 

[scrapesleon]

My face data points is safe with Apple! No one will making a mask anytime soon.

I wouldn’t be so sure but third party are playing with this technology now like Facebook

 

[miniyou64]

It must be true! No need to open source it, have it audited, or PROVE anything! They published a PDF, so it must be true!

 

[needfx]

too ugly & insignificant to worry

 

[ChrisCW11]

Can we share back to Apple the "Customers" security guide with a requirement that passwords cannot be bypassed by just pure gumption?

 

[Solomani]

The dumb buyers will trust anyone with their face data.... some random chinese company where your face data will be shared around online.

Let me guess, your phone is a Huawei, right?
[doublepost=1515761243][/doublepost]

WHOA. Huge deal here that everyone seems to be overlooking. Page 73 in regards to the Apple Bounty for vulnerability researchers (like me) now no longer only applies to Apple partners. This opening up of the system is a big change from when Apple first announced this at DEFCON.

It's a good thing, right?

 

[deanthedev]

It must be true! No need to open source it, have it audited, or PROVE anything! They published a PDF, so it must be true!

Ah yes, another logical fallacy. I don’t have the source code or any evidence whatsoever, but I’m SURE there’s something wrong.

Or you could go to the other thread where the FBI claims how difficult it is to break into iPhones (so difficult they want a backdoor). Funny you never hear the FBI complaining about security being difficult with anyone else’s devices.

 

[RickInHouston]

Does the update make Safari snappier or the CPU slower?

Couldn't resist!

 

[SecuritySteve]

Let me guess, your phone is a Huawei, right?
[doublepost=1515761243][/doublepost]
It's a good thing, right?

Yes, very good thing.

 

[Cordorb]

If i read the PDF in my Ipad with night shift mode on will it still be a white paper ?

 

[miniyou64]

Ah yes, another logical fallacy. I don’t have the source code or any evidence whatsoever, but I’m SURE there’s something wrong.

Or you could go to the other thread where the FBI claims how difficult it is to break into iPhones (so difficult they want a backdoor). Funny you never hear the FBI complaining about security being difficult with anyone else’s devices.

That would very specifically point the security being easier to break, not harder since they would want the people they are going after to use iPhones...

 

[DeepIn2U]

Hardly anyone will read the entire pdf but almost everyone will have strong opinions on Apples ability to innovate, secure, and write software.

I think this is more about Apple beginning to be more transparent since yesterday's questions from a specific Senator in the USA was fielded regarding their battery/cpu throttling stance.
[doublepost=1515788069][/doublepost]

The dumb buyers will trust anyone with their face data.... some random chinese company where your face data will be shared around online.

Mobele obele. Belobeole ol, ookebokee blahbelobeda.

 

[deanthedev]

That would very specifically point the security being easier to break, not harder since they would want the people they are going after to use iPhones...

I suppose all that time in court trying to force Apple to build a back door was.....just for show?

 

[miniyou64]

I suppose all that time in court trying to force Apple to build a back door was.....just for show?

Potentially

 

[deanthedev]

Potentially

Ridiculous.

Apparently it bothers you that iOS is so secure. Why someone would be upset iOS is secure is beyond me.

 

[miniyou64]

Ridiculous.

Apparently it bothers you that iOS is so secure. Why someone would be upset iOS is secure is beyond me.

I'm glad you take a companies word for it. I don't however. I like proof, not marketing spin. And for the record people who are serious about security in the technology world agree with my point of view.

 

[deanthedev]

I'm glad you take a companies word for it. I don't however. I like proof, not marketing spin. And for the record people who are serious about security in the technology world agree with my point of view.

Please show me “proof” from any software company on the planet. I’ll be right here waiting......because you have none. You’re literally making stuff up as you go.

 

[miniyou64]

Please show me “proof” from any software company on the planet. I’ll be right here waiting......because you have none. You’re literally making stuff up as you go.

Have you heard of open source software?