Apple has provided a full write up of the iOS security architecture used in the iPod, iPhone, and iPad. The document gets into system architecture, encryption and data protection, network security, and device access. It’s an interesting read and may show another change to Apple culture following Tim Cook taking the CEO reigns.
You can read the guide for yourself at http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
Commitment to Security
Each component of the iOS security platform, from hardware to encryption to device access, provides organizations with the resources they need to build enterprise-grade security solutions. The sum of these parts gives iOS its industry-leading security features, without making the device difficult or cumbersome to use.
Apple uses this security infrastructure throughout iOS and the iOS apps ecosystem. Hardware-based storage encryption provides instant remote wipe capabilities when a device is lost, and ensures that users can completely remove all corporate and personal information when a device is sold or transferred to another owner. For the collection of diagnostic information, unique identifiers are created to identify a device anonymously.
Safari offers safe browsing with its support for OCSP, EV certificates, and certificate verification warnings. Mail leverages certificates for authenticated and encrypted email by supporting S/MIME. iMessage and FaceTime provide client-to-client encryption as well.
The combination of required code signing, sandboxing, and entitlements in apps provides solid protection against viruses, malware, and other exploits that compromise the security of other platforms. The App Store submission process works to further protect users from these risks by reviewing every app before it’s made available for sale.
Businesses are encouraged to review their IT and security policies to ensure they are taking full advantage of the layers of security technology and features offered by the iOS platform. Apple maintains a dedicated security team to support all Apple products. The team provides security auditing and testing for products under development as well as released products. The Apple team also provides security tools and training, and actively monitors for reports of new security issues and threats. Apple is a member of the Forum of Incident Response and Security Teams (FIRST). For information about reporting issues to Apple and subscribing to security notifications, go to apple.com/support/security.
Apple is committed to incorporating proven encryption methods and creating modern mobile-centric privacy and security technologies to ensure that iOS devices can be used with confidence in any personal or corporate environment.