Apple Shares Updated iOS Security Guide With Info on Face ID, Apple Pay Cash and More

Thursday January 11, 2018 4:31 pm PST by Juli Clover
Apple this afternoon published an updated version of its iOS Security white paper for iOS 11 [PDF], with information that covers features introduced in iOS 11.1 and iOS 11.2, like Face ID and Apple Pay Cash.

Much of the information in the document on Face ID has been previously shared by Apple in a dedicated Face ID white paper and accompanying support document that was released in September following the iPhone X's announcement, but the Face ID section is worth a re-read for those who are interested in Face ID security.


The document also covers several other topics, such as Shared Notes, CloudKit, Siri Suggestions, and more, with a full list of updates below:

Updated for iOS 11.2
- Apple Pay Cash

Updated for iOS 11.1
- Security Certifications and Programs
- Touch ID/Face ID
- Shared Notes
- CloudKit end-to-end encryption
- TLS
- Apple Pay, Paying with Apple Pay on the web
- Siri Suggestions
- Shared iPad

The document explains in detail how Apple features work and how they're protected. With Apple Pay Cash, for example, Apple says transaction data is stored for troubleshooting and fraud protection, while all money transfers are done securely using the Secure Element as with other Apple Pay transactions.

There are many small but significant details in the paper about all of the topics listed above, and for anyone who is interested in the security of their iPhones and iPads, it's worth checking out in detail.

Prior to today's update, the last update to the iOS security document was in July of 2017 following the release of iOS 10.3.

[ 28 comments ]

Top Rated Comments

(View all)

Avatar
EdT
25 months ago

Thread will be filled with unrelated complaints about macOS security.


And it was the next post after yours.
Rating: 10 Votes
Avatar
Chazzle
25 months ago

The dumb buyers will trust anyone with their face data.... some random chinese company where your face data will be shared around online.

Huh, didn’t realize Apple was some random Chinese company that shares your data online.
Rating: 9 Votes
Avatar
OldSchoolMacGuy
25 months ago
Thread will be filled with unrelated complaints about macOS security.
Rating: 8 Votes
Avatar
SecuritySteve
25 months ago
WHOA. Huge deal here that everyone seems to be overlooking. Page 73 in regards to the Apple Bounty for vulnerability researchers (like me) now no longer only applies to Apple partners. This opening up of the system is a big change from when Apple first announced this at DEFCON.
Rating: 5 Votes
Avatar
341328
25 months ago
The dumb buyers will trust anyone with their face data.... some random chinese company where your face data will be shared around online.
Rating: 2 Votes
Avatar
Baymowe335
25 months ago
Hardly anyone will read the entire pdf but almost everyone will have strong opinions on Apples ability to innovate, secure, and write software.
Rating: 2 Votes
Avatar
Chazzle
25 months ago

It’s not. I didn’t say that. Geez.
[doublepost=1515820143][/doublepost]
I was saying Apple is the only one I’d trust with Secure Enclave and not cloud storage.

Okay, that wasn’t clear at all.
Rating: 1 Votes
Avatar
miniyou64
25 months ago
It must be true! No need to open source it, have it audited, or PROVE anything! They published a PDF, so it must be true!
Rating: 1 Votes
Avatar
SecuritySteve
25 months ago

Let me guess, your phone is a Huawei ('https://intelligence.house.gov/sites/intelligence.house.gov/files/documents/huawei-zte%20investigative%20report%20(final).pdf'), right? :rolleyes:
[doublepost=1515761243][/doublepost]
It's a good thing, right?

Yes, very good thing.
Rating: 1 Votes

[ Read All Comments ]