Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and network security features in iOS, most of which had been known before but hadn’t been publicly discussed by Apple.
The iOS Security guide, released within the last week, represents Apple’s first real public documentation of the security architecture and feature set in iOS, the operating system that runs on iPhones, iPads and iPod Touch devices. Security researchers have been doing their best to reverse engineer the operating system for several years, and much of what’s in the new Apple guide has been discussed in presentations and talks by researchers.
One of the more-discussed security elements in iOS is the implementation of ASLR (address space layout randomization), an exploit mitigation that’s designed to prevent attackers from using memory corruption bugs. Researchers discovered the addition of ASLR to iOS, but Apple never really talked about it.
“Built-in apps use ASLR to ensure that all memory regions are randomized upon launch. Additionally, system shared library locations are randomized at each device startup. Xcode, the iOS development environment, automatically compiles third-party programs with ASLR support turned on,” the security guide says.
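The Xcode behaviour quoted above shows up in a binary as the MH_PIE flag in its Mach-O header, which is what lets the kernel randomize the app's own image rather than only the shared libraries. As an added example (not from Apple's guide or this article), here is a small defender-side check that reads a thin or fat Mach-O header and reports whether each executable slice was linked position-independent. The constant values are assumed from Apple's public loader.h and fat.h headers, and the sample header is constructed, not taken from a real app.

```python
import struct

# Mach-O constants from <mach-o/loader.h> and <mach-o/fat.h> (assumed from the public headers)
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE   # byte-swapped magics: little-endian file
FAT_MAGIC = 0xCAFEBABE        # multi-architecture container; its tables are always big-endian
MH_EXECUTE = 0x2              # filetype of a main executable
MH_PIE = 0x00200000           # position-independent executable: the main image gets randomized


def parse_mach_header(data: bytes) -> dict:
    """Parse one thin Mach-O header and report whether it was linked for ASLR."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = ">"          # header bytes are big-endian
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = "<"          # header bytes are little-endian (ARM and x86 devices)
    else:
        raise ValueError(f"not a thin Mach-O header: {magic:#010x}")
    _, _, _, filetype, _, _, flags = struct.unpack(endian + "7I", data[:28])
    return {
        "filetype": filetype,
        "flags": flags,
        # MH_PIE only matters on the main executable; dylibs are relocatable anyway
        "pie": filetype == MH_EXECUTE and bool(flags & MH_PIE),
    }


def mach_o_images(data: bytes) -> list:
    """Header info for every architecture slice, whether the file is thin or fat."""
    if struct.unpack(">I", data[:4])[0] != FAT_MAGIC:
        return [parse_mach_header(data)]
    nfat = struct.unpack(">I", data[4:8])[0]
    images = []
    for i in range(nfat):     # struct fat_arch: cputype, cpusubtype, offset, size, align
        _, _, offset, size, _ = struct.unpack(">5I", data[8 + 20 * i:28 + 20 * i])
        images.append(parse_mach_header(data[offset:offset + size]))
    return images


def aslr_enabled(data: bytes) -> bool:
    """True only if every slice in the file is a main executable linked with MH_PIE."""
    return all(img["pie"] for img in mach_o_images(data))


def sample_header(flags: int) -> bytes:
    """Constructed little-endian arm64 MH_EXECUTE header (not taken from a real binary)."""
    return struct.pack("<7I", MH_MAGIC_64, 0x0100000C, 0, MH_EXECUTE, 0, 0, flags) + b"\0" * 4
```

On a real device binary, `otool -hv` prints the same PIE flag; this parser is useful when checking a batch of app bundles offline.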
The document also talks in detail about the way that Apple’s code-signing process for iOS apps works. The process is key to the company’s ability to control which apps are allowed to run on iOS devices and also a central part of its security architecture. This code-signing system is one of the main features cited by security experts when they discuss the security capabilities of iOS relative to Android and other mobile operating systems.
“To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed using an Apple-issued certificate. Apps provided with the device, like Mail and Safari, are signed by Apple. Third-party apps must also be validated and signed using an Apple-issued certificate. Mandatory code signing extends the concept of chain of trust from the OS to apps, and prevents third-party apps from loading unsigned code resources or using self-modifying code,” Apple’s security guide says.
“In order to develop and install apps on iOS devices, developers must register with Apple and join the iOS Developer Program. The real-world identity of each developer, whether an individual or a business, is verified by Apple before their certificate is issued. This certificate enables developers to sign apps and submit them to the App Store for distribution. As a result, all apps in the App Store have been submitted by an identifiable person or organization, serving as a deterrent to the creation of malicious apps. They have also been reviewed by Apple to ensure they operate as described and don’t contain obvious bugs or other problems. In addition to the technology already discussed, this curation process gives customers confidence in the quality of the apps they buy.”
Charlie Miller, a principal research consultant at Accuvant and co-author of the recent iOS Hacker’s Handbook, said that while there isn’t a lot of new information in the Apple security guide, its publication is an important event.
“Apple doesn’t really talk about their security mechanisms in detail. When they introduced ASLR, they didn’t tell anybody. They didn’t ever explain how code signing worked,” Miller said. “There isn’t anything really new in that doc, which means that the research community ‘worked’, that is, without anybody telling us, we figured out how the thing worked and why it was good (or not so much).”