The Circle of Trust: Apple Privacy & Security
Updated: Nov 28, 2020
Privacy is defined as the quality, or state of being apart from company, or observation. Apple is committed to privacy, it's one of their core values. But how does Apple technology protect users?
Apple is committed to respecting human rights, including the right to privacy and freedom of information and expression. Apple says their Human Rights Policy governs how they treat everyone—from customers and teams to business partners and people at every level of the supply chain.
Life, Liberty & the Pursuit of Privacy
"We design our products and services according to the principle of privacy by default and collect only the minimum amount of data necessary to provide our users with a product or service."
But how does Apple accomplish this? What makes Apple's technology solutions more secure? Let's take a deep dive into the technology and methods used to secure our devices in today's world.
To help protect its customers and combat these threats, Apple has added many security and privacy-enhancing features to their devices over the years. Let's first take a look back at where we came from, before diving into where we are now, and finally - where we're headed.
In June, 2007 there was virtually nothing to announce about the security of the first iPhone. When released, the device was more advanced than any other phone in the market, Apple had defined a whole new category - the Smartphone. Consequently almost no one was worried about things like security. Apple added security improvements to the iPhone 2.0 software, with the focus of making the iPhone a viable option for enterprise business - at a time when BlackBerry was king.
The biggest security improvements in iPhone OS 3 was users could enable Find My iPhone. This feature provided the ability to locate a lost or stolen iPhone, with the option to send the device an alert sound and remotely deactivate or wipe the device. In iOS 4, Apple introduced the option to use a password rather than a four-digit PIN to log into an iOS device. Apple also improved privacy in iOS 4 by giving users control over Location Services on an individual, per-app basis.
Location, Location, Location
For iOS 5 Apple designed a new app called Find My Friends which provided the option to share one’s location with other iOS users. Apple began to focus more diligently on privacy when developing this app, making it clear what data would be shared with whom. Location continues to be one of the primary concerns of users, and this has been furthered by Apple with iOS 14.
In iOs 14, Apple introduced a new, more definitive setting within location permissions with the latest version of its operating system. Precise Location: provides users with the choice of whether or not to share their exact location. Precise Location places further responsibility on brands to communicate to users why they should share their location with them.
Introduced with iPhone 11, Apple's new ultra-wide band U1 chip allows the newest models to precisely locate and communicate with other U1-equipped devices. U1 technology also offers improved spatial awareness. It joins other chips developed by Apple, like the W2 and the newer H1 chip found in AirPods. Each chip has a specialized task, helping Apple's devices to work together more efficiently and providing Apple tighter controls over the security of its ecosystem.
AirTags are another definitive location technology coming to Apple. Rumored to be released alongside iPhone 12. AirTags are a small accessory that attaches to items like your keys to keep track of them. Even when AirTags are not connected to the Internet, they send out a constant Bluetooth signal. These signals are captured by nearby iOS devices, with the anonymous and encrypted location data being sent to Apple. It's expected to be so accurate that their location shows up in the Find My app - in an augmented reality view of the room where the device is.
Back On Track
I don't want to list all the updates and enhancements over the years, but up until the release of the Apple 5S in 2013, most of Apple's security enhancements were software based.
It wasn't until after the acquisition of a Florida-based company known as AuthenTec, that security began on a physical layer. In July of 2012 Apple purchased AuthenTec's intellectual properties focused around biometric fingerprint sensors. The Cupertino-based giant agreed to pay $356M - a small chip off Apple's huge block of cash reserves - to purchase this innovative pioneer.
AuthenTec was spun off from Harris Semiconductor in 1998 and went public in 2007, it provided mobile security software licenses and fingerprint sensor technology to computer makers such as HP and Dell. The company's fingerprint technology, was already being used in mobile phones in Japan for authentication of mobile payments, and Apple thought this could bring those services to markets such as the US, where mobile-wallets had not yet caught on.
Paying a 58% premium, Apple agreed to pay $8 per share for Melbourne, Florida-based AuthenTec, which counted Apple rival -- Samsung, among its biggest customers. At the invitation of a UX/UI designer friend I personally visited the company the afternoon of its annual board meeting the year it was acquired.
When I arrived, I became familiar with their technology in a futuristic lobby display, then met with my friend and later communications director Brent Dietz, interviewed in the video below. My designer friend, Stephanie Griffin had taken an interest in my activities in International mobile top-up and my blog series on Mobile Payments Today.
She saw mobile transfer of value as the way forward ... Later that evening we joined a celebration downstairs, where I met CEO, F. Scott Moody. The acquisition was not announced that night, but the AuthenTec executives seemed extremely buoyant and excited about something ...
Secure All the Devices!
So far I have really only talked about security in relation to iOS, however more recently Apple has begun securing all their devices, whether its running iOS or not. If you own an iMac Pro, Mac mini, MacBook Air, or MacBook Pro model introduced in 2018 or later, your Mac has one of the new Apple T2 Security chips inside.
According to Apple the T2 Security Chip brings a new level of integration and security to Mac.
Apple Support says the T2 is Apple's second-generation, custom silicon for Mac. By redesigning and integrating several controllers found in other Mac computers—such as the System Management Controller, image signal processor, audio controller, and SSD controller—the T2 chip delivers new capabilities to your Mac.
For example, the T2 chip enables a new level of security by including a secure enclave coprocessor that secures Touch ID data and provides the foundation for new encrypted storage and secure boot capabilities. And the T2 chip's image signal processor works with the FaceTime HD camera to enable enhanced tone mapping, improved exposure control, and face-detection–based autoexposure and auto white balance. So it not only assists with security, it also processes images.
It actually it has so much to do with image processing that news outlets recently reported that macOS Big Sur, Apple’s upcoming release of its Mac operating system, will finally let you watch 4K HDR Netflix content, but it turns out it’ll only work on 2018 or later Macs with Apple’s T2 security chip. Disappointingly, older iMacs and pre-2018 Mac laptops that could theoretically play Netflix 4K content, whether on their built-in displays or via an 4K or 5K external monitor, won’t be able to.
The T2 security chip is better able to handle 4K content because it also functions as a co-processor. The T2 chip has integrated video processing power, which includes support for the HEVC codec. Content about the latest iMac, says the T2 chip “makes transcoding HEVC video up to twice as fast as the previous generation.” So it's making both your incoming and outgoing video images better - as well as securing your device, kind of a strange combination you say but think about Face ID and then what biometric fingerprint reading really is - it's an image of your fingerprint.
There is a lot of features related to the T2, it enables SecureBoot to ensure that only a legitimate, trusted operating system loads at startup - with three levels of security. Full Security is the default Secure Boot setting, offering the highest level of security. It's interesting to note that Apple directly says that "This is a level of security previously available only on iOS devices."
Here's the Apple Platform Security: Hardware Security Overview, If you want to dig a little further into this - for the sake of brevity I let you learn more about this yourself.
All That, And a Bag of Chips
So as you can see, Apple unlike any other computer hardware manufacturer is extremely focused on your privacy and security. Sure others laptops have have fingerprint readers, Microsoft has recently introduced Windows Hello, and Google tried Project Soli in Pixel 4, but none is as baked-in as deeply as Apple.
And that deep-integration is only going to deeper when Apple Silicon starts replacing Intel chipsets in the Mac lineup. You see when you make the machine, the processor and all the chips that control the machine you can do more to secure the machine. Factor in software that was written specifically for chipsets and hardware and you have developed a circle of trust.
So now we have the T2, W1, W2, H1 & U1 all working in unison. assisting both devices and peripherals including cameras, headphones, and watches. I'd look for all Apple devices including, simple things keyboards and mice to have some sort of chip installed that authenticates it to your other devices. I'd also look for it in peripherals like the forthcoming AirPower charging mat and even the much anticipated Apple Glass - A Simulated Reality pair of glasses.
Now add in AirTags and you have created a secure network of devices and peripherals that all know where are each other are and are all interconnected and integrated with you as the user. All your user information is all stored in what Apple refers to as a Secure Enclave.
According to Apple, their Secure Enclave is a secure coprocessor that includes a hardware-based key manager, which is isolated from the main processor to provide an extra layer of security.
Apple's Secure Enclave is a hardware feature of certain versions of iPhone, iPad, Mac, Apple TV, Apple Watch, and HomePod—more specifically: iPhone 5s and later, iPad Air and up, Macs that contain T1 or T2 Security Chip, Apple TV 4th generation or later, Apple Watch Series 1 up to the new Series 6 and HomePods. Full circle back to AuthenTec, the first device released with a Secure Enclave was the iPhone 5S, the same model that featured Touch ID, the year after the acquisition.
The key data is encrypted in the Secure Enclave system on chip (SoC), which includes a random number generator. It also maintains the integrity of its cryptographic operations even if the device kernel has been compromised - this is the reason for isolating the enclave from the main processor.
Communication between the Secure Enclave and the application processor is tightly controlled by isolating it to an interrupt-driven mailbox and shared memory data buffers. All this data security, interconnection and integration has been going on the whole time - without you even knowing it. User aren't aware of all the processes working in the background that provide an industry-leading experience with an undercarriage of integrity, security and privacy.
Apple introduced Face ID on 2017 iPhone X, announcing a revolutionary new way to securely unlock, authenticate and pay. Face ID revolutionized authentication on iPhone X, using a state-of-the-art TrueDepth camera system comprised of; a dot projector, infrared camera and flood illuminator powered by A11 Bionic to accurately map and recognize a face.
These advanced depth-sensing technologies work together to securely unlock iPhone, enable Apple Pay, gain access to secure apps and many more new features. Notice that the A11 Bionic is the powerhouse behind all the tech included in the notch at the top of the screen. Also notice that Face ID is not yet available on Macs - this will all change when their architecture makes the move to Apple Silicon.
Face ID projects more than 30,000 invisible IR dots. The IR image and dot pattern are pushed through neural networks to create a mathematical model of your face and send the data to the secure enclave to confirm a match, while adapting to physical changes in appearance over time. It's interesting to note that when I was going my Covid beard Face ID had no problem identifying me - even though I hardly recognized myself in the mirror. Masks do impede it though - due to facial measurements involving your nose to authenticate.
All saved facial information is protected by the secure enclave to keep data extremely secure, while all of the processing is done on-device and not in the cloud to protect user privacy. While touting other features of the TrueDepth camera system Apple said, working with A11 Bionic, the TrueDepth camera captures and analyzes over 50 different facial muscle movements. The fun part was the Animoji and later the Memoji the cameras could create. The purpose was to capture as much facial data as possible for security and authentication.
Since it's release Face ID has been confined to iOS devices. However due to the number of components its an expensive option to include in devices. It's interesting to note what devices Apple uses Face ID in, the recent iPhone SE, 8th Generation iPad and new iPad Air do not include it. The SE and iPad utilize Touch ID, while the iPad Air uses Touch ID built into the top sleep/wake/power button for the first time. This tech has been in Apple's arsenal since their acquisition of AuthenTec.
However Apple says there is some improvements over the original AuthenTec technology. On a recent episode of the iJustine and Jenna Ezarik podcast Same Brain, Apple's VP of hardware engineering John Ternus and Apple VP of product marketing Bob Borchers talked about the enhancements to Touch ID.
Borchers said the change as "an incredible feat of engineering to get that fingerprint sensor with all of the capability and all of the security into that form factor." When Justine asked if Touch ID was using the same technology as the familiar button, Ternus said it was more an "evolution of the technology" currently being utilized by the system. "We wanted to get to the full-screen design and so we wanted to get rid of the Home button on the chin, and so we had to come up with another place for the Touch ID sensor."
Mr. Ternus said "What made it so challenging is this really narrow aspect ratio that it has," Ternus offered, due to being on the top of a slimline button. "If you think about it, it's only ever seeing a smaller slice of your fingerprint than what a traditional, you know, what our older sensor could do."
He continued "it has to be incredibly sensitive and it also has to capture as you go through the enrollment process and then as it continues to adapt over time, a broader view of the fingerprints. So no matter how you touch it with your finger, it's got that particular portion captured and so it can do the match."
A "lot of algorithm work, a lot of hardcore silicon" was put into creating "such a capable sensor in such a tiny little space" Mr. Borchers reported. I personally don't recall seeing any sensors of this size when touring AuthenTec all those years ago. The smallest one was on a spacebar of a mechanical mobile keyboard. Apple's redesigned power button Touch ID sensor may find its way into more products in the future, like the iPhone, but there is a rumor that Apple is testing an in-display fingerprint reader that may supersede such a change.
Apple's Optical Transmission, Reception and Sensing via Micro-optics patent details an optical sensor on the screen's underside. It states that this groundbreaking technology "can capture 2D or 3D image information of an object or user," such as fingerprints.
Despite the optical patent there is rumor that Apple could adopt the same methodology that other manufacturers are already employing which scans fingerprints using ultrasonic technology. But as you see, Apple is out to own every piece of technology and chips that makes up their devices.
So I would not be surprised to see the optic method win out over ultrasonic just because of that T2 chips interesting abilities in image processing. Samsung is using Qualcomm technology for their ultrasonic fingerprint readers - I just don't see that happening - Apple wants to own the tech inside and out.
Tying It All Together
By now you should see it's obvious that Apple has to do it this way. The propriety optical sensor stores the fingerprint image in the Secure Enclave and uses the T2 chip in conjunction with the Bionic chipset to process the image allowing Apple ID to unlock the device for use.
It's only through controlling every input and output that you can provide a secure, trusted network of devices and peripherals. From paying in-store with Apple Pay to using Touch ID to buy a movie on your MacBook, Apple chips knows it's you and allows the interaction or transaction to take place.
The biometrics I learned about firsthand all those years ago live on, although now perhaps, under glass. I'm sure AuthenTec's technology has been greatly augmented since being acquired by Apple. Just the advances in the processing power alone makes unlocking devices faster than ever before. I never reviewed all the patents that AuthenTec had related to biometrics, but I know it was extensive. I remember a plaque on the wall by the elevator bank listing all the patents the company had secured. It's interesting to note that F. Scott Moody didn't stop after selling AuthenTec to Apple. He's now CEO of K4Connect, integrating the latest advances in technology to serve and empower older adults and those living with disabilities. He should be commended for his vision of the future.
On the bottom of every Apple Press Release there is the following self-description of the company.
Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with iPhone, iPad, Mac, Apple Watch and Apple TV. Apple’s four software platforms — iOS, macOS, watchOS and tvOS — provide seamless experiences across all Apple devices and empower people with breakthrough services including the App Store, Apple Music, Apple Pay and iCloud. Apple’s more than 100,000 employees are dedicated to making the best products on earth, and to leaving the world better than we found it.
I'd like to say that at this level of sophistication, the age-old derogatory, "walled garden descriptor that has been beat to death should be discarded, and the new adage should be - Circle of Trust.