Apple has quietly made public a May 2012 report highlighting security features in iOS that contains details on the extensive efforts the company has undertaken to secure its mobile operating system.
“Apple designed the iOS platform with security at its core,” the paper begins. It appears to have been written to help convince enterprise customers that iOS is secure enough for their needs.
According to the company, iOS devices include “low-level and firmware features” to protect against malicious software and “high-level OS features” that “allow secure access to personal information and corporate data, prevent unauthorized use, and help thwart attacks.”
Subsections of the report include discussions of system architecture, encryption and data protection, network security and device access.
With respect to system architecture, Apple highlighted the secure boot chain that takes place on iOS devices. It also detailed the DFU (device firmware upgrade) recovery mode.
[Figure: A visual overview of iOS security features]
“When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted,” the paper said.
Other architecture-level security features include system software personalization, which prevents downgrading of iOS devices to older versions; app code signing, which prevents unsigned code from being run; and runtime process security, which includes “sandboxing” and entitlements.
As for encryption and data protection, Apple touted the cryptographic hardware engines in iOS and the security features surrounding device Unique IDs and Group IDs. The company also described its “Data Protection” feature that keeps data locked while still allowing iOS devices to receive calls and notifications.
[Figure: Apple’s report details the various steps used to encrypt individual iOS files]
Apple also pointed to several features in iOS meant to provide enhanced network security on its devices.
“iOS uses, and provides developer access to, standard networking protocols for authenticated, authorized, and encrypted communications,” the report read. “iOS provides proven technologies and the latest standards to accomplish these security objectives for both Wi-Fi and cellular data network connections.”
A final subsection on device access provides information for enterprise administrators on setting up configurations, mobile device management (MDM) and device restrictions.
Apple also revealed that it maintains a “dedicated security team to support all Apple products.” That team performs “security auditing and testing” of in-development and released products, provides “security tools and training” and “actively monitors” for new threats.
“Each component of the iOS security platform, from hardware to encryption to device access, provides organizations with the resources they need to build enterprise-grade security solutions. The sum of these parts gives iOS its industry-leading security features, without making the device difficult or cumbersome to use,” the report’s conclusion noted.
Apple has made inroads into the enterprise with its iPhone and iPad, but it has also faced some CIO hesitation over security concerns. For instance, IBM recently banned the Siri voice assistant feature from its internal networks because Siri must contact an external network to provide answers to queries.