Apple today published an updated version of its iOS security white paper [PDF] for iOS 12, with information on new features and updates introduced with the iOS 12 software.

According to Apple's Document Revision History, the updated guide covers iOS 12 features like Siri Suggestions, Siri Shortcuts, the Shortcuts app, Screen Time, Password AutoFill Student ID cards, and more.

shortcutslibrary
On Siri Suggestions, for example, Apple explains that suggestions for apps and shortcuts are generated using on-device machine learning, with no data going to Apple except info that can't be used to identify the user.

On the Shortcuts app, Apple explains that shortcuts can be optionally synced across Apple devices using iCloud or shared with other users. Apple protects against malicious JavaScript within shortcuts by updating malware definitions to identify malicious scripts at run-time.

Custom shortcuts can also run user-specified JavaScript on websites in Safari when invoked from the share sheet. In order to protect against malicious JavaScript that, for example, trick the user into running a script on a social media website that harvests their data, updated malware definitions are downloaded to identify malicious scripts at run-time. The first time that a user runs Javascript on a domain, the user is prompted to allow Shortcuts containing javascript to run on the current webpage for that domain.

Screen Time, meanwhile uses CloudKit's end-to-end encryption to protect usage data. Apple only collects Screen Time statistics if iPhone and Apple Watch analytics is turned on, with Apple monitoring whether Screen Time was turned on during Setup Assistant, whether Screen Time is turned on, whether Downtime is enabled, the number of times the "Ask for more" feature is used, and the number of app limits applied.

One interesting bit in the document relates to the new feature that lets a second appearance be added to Face ID in iOS 12. Adding a secondary appearance, says Apple, will decrease the probability that a random person can unlock the iPhone from 1 in 1,000,000 to 1 in 500,000.

The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).

Apple's security document explains in detail how each and every iOS 12 feature works and how it's protected. The guide is filled with many small but significant details on iOS 12 features, and for anyone interested in the security of the iPhone and the iPad, the full document is worth checking out.

Related Forum: iOS 12

Top Rated Comments

noraa Avatar
55 months ago
I still don’t understand any of that. Shouldn’t increasing the appearances or fingerprints decrease the probability of false positives, as in make it harder for unauthorized access because there’s more data to screen against before granting access?
No, because adding an additional face or fingerprint isn't giving additional data to an existing entry - it is adding a second entry.

Think of it this way. Let's say you use a 4 digit pin to unlock your phone. The chances of a person guessing that pin is 1 in 10000. Now let's say you can unlock your phone not with just the one pin code, but another pin code. Suddenly, the chance of a person guessing your pin becomes 2 in 10000, or 1 in 5000.

The same idea goes for FaceID and TouchID, the difference being that someone isn't going to be "guessing" your fingerprint or face - but that a person with similar fingerprints or face may be able to unlock the phone. This is called a false positive - someone is able to unlock the phone when they shouldn't be able to (versus a false negative, when someone should be able to unlock the phone but they can't).

At the moment, the false positive rate for FaceID is 1 in 1000000 - i.e. the chance of a person who looks similar enough to you unlocking your phone is 1 in a million. If you add a second appearance (either of your own face or of someone else), then the false positive rate will double to 2 in 1000000, or 1 in 500000.
Score: 5 Votes (Like | Disagree)
jasonefmonk Avatar
55 months ago
Adding a secondary appearance, says Apple, will decrease the probability that a random person can unlock the iPhone from 1 in 1,000,000 to 1 in 500,000.
That is a misinterpretation of the information. Adding additional fingerprints or appearances increases the probability of false positives. It is stated in the quote just after:
The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).
Score: 5 Votes (Like | Disagree)
noraa Avatar
55 months ago
I'm sorry but whats the difference between a mathematical representation and a pixel representation? They're both unique so there isn't anything more secure about one vs the other.. You might save some storage space at most.
It’s a huge difference! A mathematical representation isn’t going to be reversed engineered back into your face. Their are no identifying markers to trace it back to you.

Thats what they say, but you don't know if thats what they do. They don't let you verify their software... It's proprietary they can say one thing and do the other... Just like any malicious entity.
It's easy to make a software button look unselected but make the internal choice selected. It's also easy to write around the signed authorization... The fact that they have the ability to do this period should concern people.
If they didn't want people to have access to this information they wouldn't build a door to get it... Which is suspicious in my view. And is probably designed for abuse from the beginning...
Do you really think that Apple would secretly do this? Do you know what kind of PR nightmare that would turn into if someone found out?

Seriously, if you’re this paranoid, just don’t use FaceID. But stop spreading FUD.
Score: 2 Votes (Like | Disagree)
sinsin07 Avatar
55 months ago
I came, I saw, I closed the App.

I am a power user and I can't think of a single use case.
Then that makes you an average user. :p
Score: 2 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
55 months ago
I came, I saw, I closed the App.

I am a power user and I can't think of a single use case.
Then you aren't really a power user.
Score: 2 Votes (Like | Disagree)
Jyby Avatar
55 months ago
Science Rules!
Score: 1 Votes (Like | Disagree)

Popular Stories

Emergency SOS via Satellite iPhone YT

Apple's iPhone 14 Emergency SOS via Satellite Feature Saves Stranded Man in Alaska

Thursday December 1, 2022 4:37 pm PST by
With the launch of iOS 16.1, Apple rolled out a Emergency SOS via Satellite, which is designed to allow iPhone 14 owners to contact emergency services using satellite connectivity when no cellular or WiFi connection is available. The feature was put to the test in Alaska today, when a man became stranded in a rural area. In the early hours of the morning on December 1, Alaska State Troopers ...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
iOS 16

Apple Releases iOS 16.1.2 With Carrier Improvements and Crash Detection Optimizations

Wednesday November 30, 2022 10:09 am PST by
Apple today released iOS 16.1.2, another minor bug fix update that comes one week after the release of iOS 16.1.1 and three weeks after the launch of iOS 16.1, an update that added support for iCloud Shared Photo Library, Matter, Live Activities, and more. The iOS 16.1.2 update can be downloaded on eligible iPhones over-the-air by going to Settings > General > Software Update. According...
iPad 10 Battery Pull Tabs

iPad 10 Teardown Reveals Why Device Isn't Compatible With Apple Pencil 2

Thursday December 1, 2022 10:48 am PST by
Do-it-yourself repair website iFixit today shared a video teardown of Apple's new 10th-generation iPad, providing a closer look inside the tablet and revealing why the device lacks support for the second-generation Apple Pencil. The teardown reveals the internal layout of the iPad, including its two-cell 7,606 mAh battery, logic board with the A14 Bionic chip, and more. As suspected, the...
iOS 16

When Will iOS 16.2 Be Released?

Friday December 2, 2022 2:13 pm PST by
Apple in late October began testing iOS 16.2 and iPadOS 16.2 updates, providing betas to both developers and public beta testers. As of now, we've had four total betas, with the fourth beta having been released earlier this week. iOS 16.2 and iPadOS 16.2 are expected before the end of the year, and we thought we'd try to narrow down the launch timeline. With only four betas released since...
14 vs 16 inch mbp m2 pro and max feature 1

Major RAM Upgrade Coming to Next-Generation MacBook Pro

Friday December 2, 2022 2:03 am PST by
The next-generation MacBook Pro models could feature faster RAM, according to a recent report from a reliable source. MacRumors Forums member "Amethyst," who accurately revealed details about the Mac Studio and Studio Display before those products were announced, recently provided information about Apple's upcoming 14- and 16-inch MacBook Pro models. The new machines are expected to feature...
iOS 16

Apple Still Has These 5 Things to Release Heading Into 2023

Thursday December 1, 2022 7:12 am PST by
The calendar has turned to December and that means Apple has only one month left to fulfill its promises of releasing an Apple Music Classical app and expanding its self-service repair program to Europe before the end of 2022. Delays are always possible, of course, so the plans could be pushed back to 2023. In any case, we have put together a list of five things that Apple still has to release...
iOS 16

Apple Seeds Fourth Betas of iOS 16.2 and iPadOS 16.2 [Update: Public Beta Available]

Thursday December 1, 2022 10:16 am PST by
Apple today seeded the fourth betas of upcoming iOS 16.2 and iPadOS 16.2 updates to developers for testing purposes, with the betas coming two weeks after Apple seeded the third betas of iOS 16.2 and iPadOS 16.2. Registered developers are able to download the iOS 16‌.2 and iPadOS 16.2 profiles from the Apple Developer Center, and once installed, the beta is available over the air. iOS...
iPhone Measure Height

Newer iPhones Allow You to Measure Someone's Height Instantly — Here's How

Saturday December 3, 2022 10:23 am PST by
iPhone 12 Pro and Pro Max, iPhone 13 Pro and Pro Max, and iPhone 14 Pro and Pro Max models feature a LiDAR Scanner next to the rear camera that can be used to measure a person's height instantly in Apple's preinstalled Measure app. To measure a person's height, simply open the Measure app, point your iPhone at the person you want to measure, and make sure they are visible on the screen from...
apple ar headset concept 2

Apple Now Calling AR/VR Headset Operating System 'xrOS'

Thursday December 1, 2022 12:57 pm PST by
Apple has decided to call the software that will run on its upcoming AR/VR headset "xrOS," an update from the original "RealityOS or "rOS" naming the company was planning on, according to Bloomberg. Render created by Ian Zelbo based on rumored information The name change comes as Apple begins to prepare for the launch of the headset, which is expected at some point in 2023. The headset will...