updated 10:27 pm EDT, Mon June 4, 2012
Details extensive security architecture, philosophy
Without fanfare, Apple has recently published an extensive guide to both the mechanics and the philosophy taken with regards to security in iOS, discussing the architecture, encryption, network security and interaction with other devices among other topics. The paper, which lays out the company's approach to security, basically demonstrates the advanced security concepts that have lead to such practices as the sandboxing of apps due to be copied into OS X Mountain Lion.
The 19-page document discusses such topics as app code signing, classes, keychain data protection, network protocols such as Bluetooth and SSL, along with iOS enterprise security features such as configuration enforcement and remote wiping of lost or stolen devices. It goes into depth about how the company views security on iOS devices, saying that "the combination of required code signing, sandboxing, and entitlements in apps provides solid protection against viruses, malware, and other exploits that compromise the security of other platforms. The App Store submission process works to further protect users from these risks by reviewing every app before itís made available for sale."
Saying that "Apple has designed the iOS platform with security at its core," the document repackages information that was previously available to developers but makes it more public and accessible. The company has been on a campaign of late to make some of its processes and methodology more transparent, including reports that named suppliers (as part of an overall effort to shed light on Chinese factory work conditions) and efforts to be more environmentally responsible.