This latest iteration contains more and updated details about Apple Pay Cash, security certifications and programs, Touch ID and Face ID, Shared Notes, CloudKit end-to-end encryption, TLS, Apple Pay, Paying with Apple Pay on the web, Siri Suggestions, and the Shared iPad feature.
For example, the updated document notes that, as of iOS 11 and macOS High Sierra, SHA-1 certificates are no longer allowed for TLS connections unless trusted by the user and certificates with RSA keys shorter than 2048 bits are disallowed.
It also explains, in detail, about the security of Apple Pay Cash, a peer-to-peer payments system launched by Apple in June 2017.
Apparently, the information provided to Apple when setting up the system will be shared with their partner bank (Green Dot Bank) and with Apple Payments Inc., “a wholly owned subsidiary created to protect your privacy by storing and processing information separately from the rest of Apple and in a way that the rest of Apple doesn’t know.”
“This information and transaction data will be used for troubleshooting, fraud prevention, and regulatory purposes, but “the rest of Apple doesn’t know who you sent money to, received money from, or where you made a purchase with your Apple Pay Cash card,” the company pointed out.
Apple has also previously shared information about Face ID in a separate document in September 2017, just as it introduced this newest biometric authentication option. That info has now been added to the overarching iOS security guide.
For everybody that’s interested in the security of iOS devices and associated services, the white paper should be an interesting read.