Apple today published an updated version of its iOS security white paper [PDF] for iOS 12, with information on new features and updates introduced with the iOS 12 software.

According to Apple's Document Revision History, the updated guide covers iOS 12 features like Siri Suggestions, Siri Shortcuts, the Shortcuts app, Screen Time, Password AutoFill Student ID cards, and more.

shortcutslibrary
On Siri Suggestions, for example, Apple explains that suggestions for apps and shortcuts are generated using on-device machine learning, with no data going to Apple except info that can't be used to identify the user.

On the Shortcuts app, Apple explains that shortcuts can be optionally synced across Apple devices using iCloud or shared with other users. Apple protects against malicious JavaScript within shortcuts by updating malware definitions to identify malicious scripts at run-time.

Custom shortcuts can also run user-specified JavaScript on websites in Safari when invoked from the share sheet. In order to protect against malicious JavaScript that, for example, trick the user into running a script on a social media website that harvests their data, updated malware definitions are downloaded to identify malicious scripts at run-time. The first time that a user runs Javascript on a domain, the user is prompted to allow Shortcuts containing javascript to run on the current webpage for that domain.

Screen Time, meanwhile uses CloudKit's end-to-end encryption to protect usage data. Apple only collects Screen Time statistics if iPhone and Apple Watch analytics is turned on, with Apple monitoring whether Screen Time was turned on during Setup Assistant, whether Screen Time is turned on, whether Downtime is enabled, the number of times the "Ask for more" feature is used, and the number of app limits applied.

One interesting bit in the document relates to the new feature that lets a second appearance be added to Face ID in iOS 12. Adding a secondary appearance, says Apple, will decrease the probability that a random person can unlock the iPhone from 1 in 1,000,000 to 1 in 500,000.

The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).

Apple's security document explains in detail how each and every iOS 12 feature works and how it's protected. The guide is filled with many small but significant details on iOS 12 features, and for anyone interested in the security of the iPhone and the iPad, the full document is worth checking out.

Top Rated Comments

noraa Avatar
36 months ago
I still don’t understand any of that. Shouldn’t increasing the appearances or fingerprints decrease the probability of false positives, as in make it harder for unauthorized access because there’s more data to screen against before granting access?
No, because adding an additional face or fingerprint isn't giving additional data to an existing entry - it is adding a second entry.

Think of it this way. Let's say you use a 4 digit pin to unlock your phone. The chances of a person guessing that pin is 1 in 10000. Now let's say you can unlock your phone not with just the one pin code, but another pin code. Suddenly, the chance of a person guessing your pin becomes 2 in 10000, or 1 in 5000.

The same idea goes for FaceID and TouchID, the difference being that someone isn't going to be "guessing" your fingerprint or face - but that a person with similar fingerprints or face may be able to unlock the phone. This is called a false positive - someone is able to unlock the phone when they shouldn't be able to (versus a false negative, when someone should be able to unlock the phone but they can't).

At the moment, the false positive rate for FaceID is 1 in 1000000 - i.e. the chance of a person who looks similar enough to you unlocking your phone is 1 in a million. If you add a second appearance (either of your own face or of someone else), then the false positive rate will double to 2 in 1000000, or 1 in 500000.
Score: 5 Votes (Like | Disagree)
jasonefmonk Avatar
36 months ago
Adding a secondary appearance, says Apple, will decrease the probability that a random person can unlock the iPhone from 1 in 1,000,000 to 1 in 500,000.
That is a misinterpretation of the information. Adding additional fingerprints or appearances increases the probability of false positives. It is stated in the quote just after:
The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).
Score: 5 Votes (Like | Disagree)
noraa Avatar
36 months ago
I'm sorry but whats the difference between a mathematical representation and a pixel representation? They're both unique so there isn't anything more secure about one vs the other.. You might save some storage space at most.
It’s a huge difference! A mathematical representation isn’t going to be reversed engineered back into your face. Their are no identifying markers to trace it back to you.

Thats what they say, but you don't know if thats what they do. They don't let you verify their software... It's proprietary they can say one thing and do the other... Just like any malicious entity.
It's easy to make a software button look unselected but make the internal choice selected. It's also easy to write around the signed authorization... The fact that they have the ability to do this period should concern people.
If they didn't want people to have access to this information they wouldn't build a door to get it... Which is suspicious in my view. And is probably designed for abuse from the beginning...
Do you really think that Apple would secretly do this? Do you know what kind of PR nightmare that would turn into if someone found out?

Seriously, if you’re this paranoid, just don’t use FaceID. But stop spreading FUD.
Score: 2 Votes (Like | Disagree)
sinsin07 Avatar
36 months ago
I came, I saw, I closed the App.

I am a power user and I can't think of a single use case.
Then that makes you an average user. :p
Score: 2 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
36 months ago
I came, I saw, I closed the App.

I am a power user and I can't think of a single use case.
Then you aren't really a power user.
Score: 2 Votes (Like | Disagree)
Jyby Avatar
36 months ago
Science Rules!
Score: 1 Votes (Like | Disagree)

Top Stories

iphone12protriplelenscamera

Apple's Orders for Key iPhone 13 Camera Component Expected to Outstrip Entire Android Market

Wednesday June 9, 2021 12:47 am PDT by
Major camera upgrades coming to the iPhone 13 series are putting increased pressure on suppliers to meet Apple's demand for key lens components, according to a new DigiTimes report. Apple has reportedly put Taiwan-based makers of voice coil motor (VCM) components on notice to increase their capacity by 30-40% in order to meet the company's demand, which is expected to outstrip the entire...
macos monterey setup assistant

macOS Monterey Allows You to Erase a Mac Without Needing to Reinstall the Operating System

Wednesday June 9, 2021 4:41 pm PDT by
It's been a few days since Apple announced macOS Monterey, and we continue to dig through new features that weren't mentioned during the WWDC keynote, including a much more convenient way of erasing a Mac. Following in the footsteps of the iPhone and iPad, the Mac has gained an "Erase All Content and Settings" option on macOS Monterey. The option allows you to erase all user data and...
EEC Apple iphone 13

Apple Registers iPhone 13 Models in Eurasia Ahead of September Launch

Friday June 11, 2021 2:16 am PDT by
Nashville Chatter Class has discovered a new Russian-language regulatory filing in the Eurasian Economic Commission (EEC) database pointing towards several unreleased iPhone 13 models that Apple will be launching in the fall. Versions of iPhone running iOS 14 are listed with the model numbers A2628, A2630, A2634, A2635, A2640, A2643, and A2645. None of the numbers correspond to Apple's...
Dark Sky App Featured

Dark Sky iOS App, Website, and API Now Scheduled to Remain Available Until End of 2022

Thursday June 10, 2021 7:34 am PDT by
Last year, Apple acquired the weather app Dark Sky, and shortly after its purchase, Apple shut down the app for Android. Despite the revamped iOS 15 Weather app taking heavy inspiration from Dark Sky, the weather's app standalone iOS app, web app, and API will remain available until the end of next year, compared to the end of this year, as previously planned. Dark Sky announced in an update ...
mr white ipod touch 5 protoype3

Unreleased iPod Touch 5 With Chamfered Edges and 30-Pin Dock Connector Shared Online

Thursday June 10, 2021 2:05 am PDT by
Occasional leaker Mr White has today shared interesting images on Twitter of what appears to be an old-school fifth-generation iPod touch prototype with chamfered edges and a brushed aluminum finish. The original iPod touch 5 that Apple released in October 2012 had a unibody anodized aluminum chassis with rounded edges, and was available in several colors, including slate. Another...
live text macos monterey

Several macOS Monterey Features Unavailable on Intel-Based Macs

Wednesday June 9, 2021 8:23 am PDT by
While there are many great new features in macOS Monterey, several of them are not available on Intel-based Macs, according to Apple. On the macOS Monterey features page, fine print indicates that the following features require a Mac with the M1 chip, including any MacBook Air, 13-inch MacBook Pro, Mac mini, and iMac model released since November 2020:Portrait Mode blurred backgrounds in...
ipad mini 6

Next iPad Mini Will Allegedly Feature Thinner Bezels, USB-C Port, and Touch ID Power Button

Friday June 11, 2021 1:13 pm PDT by
On his newly launched Front Page Tech website, leaker Jon Prosser has shared renders showing off the alleged design of the next-generation iPad mini, which he says are based on schematics, CAD files, and real images of the device. In line with details shared earlier this month by Bloomberg's Mark Gurman and Debby Wu, Prosser claims that the new iPad mini will feature slimmer bezels around...
apple logo plain

Trump Administration Subpoenaed Apple for Data on Two House Intelligence Committee Democrats

Thursday June 10, 2021 6:21 pm PDT by
When investigating leaks of classified information during the early days of the Trump Administration, the United States Justice Department subpoenaed Apple for metadata from the accounts of at least two Democrats on the House Intelligence Committee, reports The New York Times. Apple was also required to provide data from their aides and family members, with the DoJ requesting the records of...
macos monterey tidbits feature copy

macOS Monterey Tidbits: Animated Memoji on Login Screen, Change the Color of the Mouse Pointer, and More

Friday June 11, 2021 10:27 am PDT by
We've highlighted several new features coming in macOS Monterey, such as Low Power Mode and the option to erase a Mac without reinstalling the operating system, but there are some smaller tidbits that we wanted to share. Animated Memoji on Login Screen One small but fun new feature in macOS Monterey is the addition of a personalized Memoji on the login screen, complete with animated facial...
ios15 mail privacy feature

Apple Putting a Stop to Email Tracking Pixels With Mail Privacy Protection in iOS 15 and macOS Monterey

Thursday June 10, 2021 11:03 am PDT by
Tracking when you've opened up an email and what you've read is something that many companies and advertisers rely on for their marketing efforts, plus there are email clients out there designed to let users know when the emails they've sent have been opened up. Much of this tracking is facilitated by remote images that load when viewing an email, and some of it is even sneakier, with...