Apple today published an updated version of its iOS security white paper [PDF] for iOS 12, with information on new features and updates introduced with the iOS 12 software.

According to Apple's Document Revision History, the updated guide covers iOS 12 features like Siri Suggestions, Siri Shortcuts, the Shortcuts app, Screen Time, Password AutoFill Student ID cards, and more.

shortcutslibrary
On Siri Suggestions, for example, Apple explains that suggestions for apps and shortcuts are generated using on-device machine learning, with no data going to Apple except info that can't be used to identify the user.

On the Shortcuts app, Apple explains that shortcuts can be optionally synced across Apple devices using iCloud or shared with other users. Apple protects against malicious JavaScript within shortcuts by updating malware definitions to identify malicious scripts at run-time.

Custom shortcuts can also run user-specified JavaScript on websites in Safari when invoked from the share sheet. In order to protect against malicious JavaScript that, for example, trick the user into running a script on a social media website that harvests their data, updated malware definitions are downloaded to identify malicious scripts at run-time. The first time that a user runs Javascript on a domain, the user is prompted to allow Shortcuts containing javascript to run on the current webpage for that domain.

Screen Time, meanwhile uses CloudKit's end-to-end encryption to protect usage data. Apple only collects Screen Time statistics if iPhone and Apple Watch analytics is turned on, with Apple monitoring whether Screen Time was turned on during Setup Assistant, whether Screen Time is turned on, whether Downtime is enabled, the number of times the "Ask for more" feature is used, and the number of app limits applied.

One interesting bit in the document relates to the new feature that lets a second appearance be added to Face ID in iOS 12. Adding a secondary appearance, says Apple, will decrease the probability that a random person can unlock the iPhone from 1 in 1,000,000 to 1 in 500,000.

The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).

Apple's security document explains in detail how each and every iOS 12 feature works and how it's protected. The guide is filled with many small but significant details on iOS 12 features, and for anyone interested in the security of the iPhone and the iPad, the full document is worth checking out.

Top Rated Comments

noraa Avatar
49 months ago
I still don’t understand any of that. Shouldn’t increasing the appearances or fingerprints decrease the probability of false positives, as in make it harder for unauthorized access because there’s more data to screen against before granting access?
No, because adding an additional face or fingerprint isn't giving additional data to an existing entry - it is adding a second entry.

Think of it this way. Let's say you use a 4 digit pin to unlock your phone. The chances of a person guessing that pin is 1 in 10000. Now let's say you can unlock your phone not with just the one pin code, but another pin code. Suddenly, the chance of a person guessing your pin becomes 2 in 10000, or 1 in 5000.

The same idea goes for FaceID and TouchID, the difference being that someone isn't going to be "guessing" your fingerprint or face - but that a person with similar fingerprints or face may be able to unlock the phone. This is called a false positive - someone is able to unlock the phone when they shouldn't be able to (versus a false negative, when someone should be able to unlock the phone but they can't).

At the moment, the false positive rate for FaceID is 1 in 1000000 - i.e. the chance of a person who looks similar enough to you unlocking your phone is 1 in a million. If you add a second appearance (either of your own face or of someone else), then the false positive rate will double to 2 in 1000000, or 1 in 500000.
Score: 5 Votes (Like | Disagree)
jasonefmonk Avatar
49 months ago
Adding a secondary appearance, says Apple, will decrease the probability that a random person can unlock the iPhone from 1 in 1,000,000 to 1 in 500,000.
That is a misinterpretation of the information. Adding additional fingerprints or appearances increases the probability of false positives. It is stated in the quote just after:
The probability that a random person in the population could unlock your iPhone is 1 in 50,000 with Touch ID or 1 in 1,000,000 with Face ID. This probability increases with multiple enrolled fingerprints (up to 1 in 10,000 with five fingerprints) or appearances (up to 1 in 500,000 with two appearances).
Score: 5 Votes (Like | Disagree)
noraa Avatar
49 months ago
I'm sorry but whats the difference between a mathematical representation and a pixel representation? They're both unique so there isn't anything more secure about one vs the other.. You might save some storage space at most.
It’s a huge difference! A mathematical representation isn’t going to be reversed engineered back into your face. Their are no identifying markers to trace it back to you.

Thats what they say, but you don't know if thats what they do. They don't let you verify their software... It's proprietary they can say one thing and do the other... Just like any malicious entity.
It's easy to make a software button look unselected but make the internal choice selected. It's also easy to write around the signed authorization... The fact that they have the ability to do this period should concern people.
If they didn't want people to have access to this information they wouldn't build a door to get it... Which is suspicious in my view. And is probably designed for abuse from the beginning...
Do you really think that Apple would secretly do this? Do you know what kind of PR nightmare that would turn into if someone found out?

Seriously, if you’re this paranoid, just don’t use FaceID. But stop spreading FUD.
Score: 2 Votes (Like | Disagree)
sinsin07 Avatar
49 months ago
I came, I saw, I closed the App.

I am a power user and I can't think of a single use case.
Then that makes you an average user. :p
Score: 2 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
49 months ago
I came, I saw, I closed the App.

I am a power user and I can't think of a single use case.
Then you aren't really a power user.
Score: 2 Votes (Like | Disagree)
Jyby Avatar
49 months ago
Science Rules!
Score: 1 Votes (Like | Disagree)

Popular Stories

2022 back to school apple

Apple Launches 2022 Back to School Offer: Up to $150 Gift Card With Mac or iPad

Friday June 24, 2022 5:08 am PDT by
Apple today launched its annual "Back to School" promotion for college/university students in the United States and Canada. This year's promotion offers a free Apple gift card with the purchase of an eligible Mac or iPad, rather than free AirPods like last year. Apple is also offering students 20% off AppleCare+ plans during the promotion. Apple is offering a $150 gift card with the purchase ...
widgets ios 16 feature

Gurman: iPhone 14 Pro to Feature Always-On Display Showing iOS 16's New Lock Screen Widgets

Sunday June 26, 2022 7:36 am PDT by
iPhone 14 Pro models are widely expected to feature always-on displays that allow users to view glanceable information without having to tap to wake the screen. In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman said the feature will include support for iOS 16's new Lock screen widgets for weather, fitness, and more. "Like the Apple Watch, the iPhone 14 Pro will be...
m2 mac mini screen feature

Gurman: Apple Planning M2 Pro Mac Mini, New Apple TV With A14 Chip, Revamped HomePod With S8 Chip, and More

Sunday June 26, 2022 6:31 am PDT by
In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman outlined additional M2 Macs on Apple's product roadmap, including new Mac mini models with M2 and M2 Pro chips, new 14-inch and 16-inch MacBook Pro models with M2 Pro and M2 Max chips, and a new Mac Pro tower with M2 Ultra and "M2 Extreme" chips. Following the M2 series of Macs, Gurman said the first M3 series of...
13 inch macbook pro m2 mock feature 2

Base 13-Inch MacBook Pro With M2 Chip Has Significantly Slower SSD Speeds

Sunday June 26, 2022 2:52 pm PDT by
Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model. YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and...
M2 Pro and Max Feature

Apple's Upcoming M2 Pro Chip for High-End MacBook Pro and Mac Mini Will Reportedly Be 3nm

Monday June 27, 2022 7:31 am PDT by
TSMC will manufacture Apple's upcoming "M2 Pro" and "M3" chips based on its 3nm process, according to Taiwanese industry publication DigiTimes. "Apple reportedly has booked TSMC capacity for its upcoming 3nm M3 and M2 Pro processors," said DigiTimes, in a report focused on competition between chipmakers like TSMC and Samsung to secure 3nm chip orders. As expected, the report said TSMC will...
airpods pro 2 1

AirPods Pro 2 Said to Feature Upgraded H1 Chip, Find My, Heart Rate Detection, USB-C and More

Friday June 24, 2022 9:48 am PDT by
The next-generation AirPods Pro could come with a long list of new features that include heart rate detection, the ability to function as a hearing aid, and a USB-C port according to a report from 52Audio. The site claims that it has received new information on the AirPods Pro 2, and it has used that information to provide some renders on what the earbuds might look like. Design wise, there...
tesla carplay hack

Tesla Apple CarPlay Hack Updated to Work With Any Tesla Model

Monday June 27, 2022 3:38 am PDT by
Polish developer Michał Gapiński has released a new and improved version of his "Tesla Android Project" which brings Apple's CarPlay experience to more Tesla vehicles than ever before. According to Gapiński, version 2022.25.1 provides "100% functional CarPlay integration for any Tesla," and comes with several new features and bug fixes. The project now supports DRM video playback so that...