Following the release of iOS 12, Apple on Monday issued as revised version of its iOS Security Guide detailing new features and system improvements including Siri Suggestions, the new Shortcuts app, Screen Time and more.
According to a revision history provided by Apple, the Security Guide includes a number of new entries and enhancements specific to iOS 12, including iOS device secure enclaves, Express Card with power reserve, DFU and Recovery Mode, contactless passes and security certifications and programs. Marquee features like Siri Suggestions, the Shortcuts app, Screen Time and HomeKit TV Remote accessories are also listed as topics of discussions.
Starting with Siri, the paper notes Siri Suggestions for apps and shortcuts are generated on-device using machine learning assets, while anonymized data is returned to Apple to help inform more accurate predictions.
"Custom shortcuts are versatile— they're similar to scripts or programs. A quarantine system is used to isolate shortcuts that were downloaded from the internet," Apple says. "The user is warned the first time they try to use the shortcut and given an opportunity to inspect the shortcut, including information about where it originated."
Further, since shortcuts can run JavaScript on specified websites, iOS downloads and updates malware definitions when a shortcut runs to prevent against malware exposure. When a shortcut containing JavaScript is run for the first time on a particular web domain, users are met with a prompt that either cancels the operation or allows it to continue.
Shortcuts, enabled through an eponymous app, are synced across all logged-in devices via iCloud, making customizable Siri commands available at multiple end points. All information is protected using CloudKit end-to-end encryption, and while phrases are sent to Siri's servers for speech recognition, Apple does not receive the contents of created shortcuts.
A broad overview of Screen Time, Apple's app usage tracking solution, is also included in the updated Security Guide. Apple notes the new feature lets users view usage data, set app or web usage limits, configure Downtime and enforce additional restrictions. Downtime allows users to set app time limits and quiet hours to control app usage.
Apple points out that parents can control Screen Time parameters and monitor their children's usage habits, restrictions and tools that can be disabled by the child on their eighteenth birthday.
If a user has the Share iPhone & Watch Analytics setting enabled on their device, Apple collects a small amount of anonymized data to understand how Screen Time is being used. Data points include when Screen Time was activated, whether it is enabled, whether Downtime is enabled, the number of times the "Ask for more" query was used and the number of app limits currently active on a device.
Of interest to users holding Express Cards like transit or student ID cards, Apple says NFC-enabled cards provisioned on iPhone can be used even when iOS is not running due to low battery. According to the company, a device that requires charging might have enough power left to conduct Express Card transactions.
"Pressing the side button displays the low battery icon as well as text indicating Express Cards are available to use," Apple says. "The NFC controller performs express card transactions under the same conditions as when iOS is running, except that transactions are indicated with only haptic notification. No visible notification is shown."
Helping to cut down on battery expenditure, Express Mode cards can be accessed without Touch ID, Face ID or passcode authentication.
Student ID support is also new in iOS 12. The feature allows students, faculty, and staff to provision their ID card to Wallet through an app provided by the issuing institution. Of note, issuing apps need to support two-factor authentication for account access, while adding said cards to Wallet automatically enable Express Mode.
A section on HomeKit TV Remote details future support for Siri-enabled remote control hardware, including how the system processes Siri commands.
"Third-party HomeKit TV Remote accessories provide HID events and Siri audio to an associated Apple TV added via the Home app," the paper reads. "The HID events are sent over the secure session between the Apple TV and the Remote. A Siri-capable TV Remote sends audio data to the Apple TV when the user explicitly activates the microphone on the Remote using a dedicated Siri button. The audio frames are sent directly to the Apple TV using a dedicated local network connection between the Apple TV and the Remote"
Those interested in taking a deeper look at the ins and outs of iOS 12 security, as well as details on a number of new features, can read the entire white paper that was posted to Apple's website as a PDF today.
Apple typically updates the Security Guide with every major iOS release, offering security and safety information on the operating system's latest core functions and additions. The white paper was last updated in July to cover HomeKit, Apple Pay, Business Chat and other iOS 11.4 features.
2 Comments
Curious if the student ID thing will support the NFC part. I carry the ID card around all day just to open doors.