Apple’s Updated Security Guide for iOS 11.1 and iOS 11.2

Apple’s iOS Security guide is one of the most fascinating technical documents I’ve read in recent years. While the topics are intricate, they’re presented clearly in readable English. Earlier this week, the document was updated with new information on the latest additions to the iOS ecosystem – including Face ID, Apple Pay Cash, and Password AutoFill. There are some interesting details I didn’t know in each section.

On Face ID:

Facial matching is performed within the Secure Enclave using neural networks trained specifically for that purpose. We developed the facial matching neural networks using over a billion images, including IR and depth images collected in studies conducted with the participants’ informed consent. Apple worked with participants from around the world to include a representative group of people accounting for gender, age, ethnicity, and other factors. The studies were augmented as needed to provide a high degree of accuracy for a diverse range of users. Face ID is designed to work with hats, scarves, glasses, contact lenses, and many sunglasses. Furthermore, it’s designed to work indoors, outdoors, and even in total darkness. An additional neural network that’s trained to spot and resist spoofing defends against attempts to unlock your iPhone X with photos or masks.

On Apple Pay Cash, which details the new ‘Apple Payments Inc.’ subsidiary:

When you set up Apple Pay Cash, the same information as when you add a credit or debit card may be shared with our partner bank Green Dot Bank and with Apple Payments Inc., a wholly owned subsidiary created to protect your privacy by storing and processing information separately from the rest of Apple and in a way that the rest of Apple doesn’t know. This information is only used for troubleshooting, fraud prevention, and regulatory purposes.

[…]

Apple Payments Inc. will store and may use your transaction data for troubleshooting, fraud prevention, and regulatory purposes once a transaction is completed. The rest of Apple doesn’t know who you sent money to, received money from, or where you made a purchase with your Apple Pay Cash card.

To read more, get the full PDF here and check out the document revision history for January 2018.