A version of this essay was originally published at Tech.pinions, a website dedicated to informed opinions, insight and perspective on the tech industry.
At a security “deep dive” at Apple last Friday, executives went into Apple’s security philosophy and its technological approach to the matter in depth. I’ve sat through many technology companies’ technical briefings, but this one from Apple went deeper on custom silicon solutions than I had seen before. I’ll weave some technical tidbits I learned into this article, but a theme emerged that struck me. More than a handful of times, presenters used the phrase “balancing security with ease of use.”
This seemed to be a key phrase and philosophy that is driving Apple’s thinking. The more I thought about it, the more it made sense in light of so many other security issues that exist in corporate, government and other high-security environments where computers are used. You can build Fort Knox-level security into a personal computer, but it would come at the expense of user experience — and often does. Apple is attempting something that seems unprecedented at an industry level: To bring industry-leading security, but do so by actually enhancing the user experience.
Prior to Touch ID, for example, many organizations required PINs that were eight characters, sometimes more. Imagine entering that many numbers every time you pick up your smartphone. To emphasize this point, Apple shared a great statistic: Its average users unlock their phones 80 times a day. Other reports state that people look at their phones upward of 130 times a day, but those figures reflect heavier users more than the average.
Regardless, the simple act of logging in to our phones via a secure form of login, like passcodes or fingerprints, is now taken for granted in much of Apple’s ecosystem, when just a few years ago, anyone could have stolen my phone and had access to my personal information. Here again, Apple shared that 89 percent of its users with a Touch ID-capable device have set it up and use it.
In our own consumer study of iPhone owners, we learned that 85 percent of respondents said they use either Touch ID or a PIN to log in to their iOS device. Again, this seems unprecedented, given where we were in consumer security just a few years ago. Touch ID is a clear example of enhanced security and enhanced user experience. It is difficult to objectively dispute that logging in to our devices with Touch ID is not only faster, more natural and more efficient than the old swipe to log in, but also inherently more secure.
After sitting through the technical explanations of how Apple has specifically designed the interplay of custom silicon like the A-series processors, iOS and the Secure Enclave coprocessor, I came to the realization that, while I knew the iPhone was a secure device, I really had no idea just how secure it actually is. It can’t be overstated how essential Apple’s custom-designed silicon is to the security of iOS products. For example, on a Mac, which runs software designed by Apple but uses a main CPU and GPU made by Intel/AMD/Nvidia, Apple has put security measures in place, including encrypting the entire storage disk. However, with the custom A-series processors, custom-designed Secure Enclave coprocessor and custom-designed iOS, Apple is able to encrypt every single file on your iOS device, not just the entire disk.
Secure Enclave: A security-designed coprocessor
I came away from this discussion with a much greater appreciation of the Secure Enclave. Some details on this product are outlined in Apple’s Security White Paper, but we were given a bit more depth at this briefing. Yet I still desire a great deal more technical detail, should we be able to acquire it at some point. From the white paper, here is some detail on the Secure Enclave:
The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management, and maintains the integrity of Data Protection even if the kernel has been compromised.
The Secure Enclave uses encrypted memory and includes a hardware random-number generator. Its microkernel is based on the L4 family, with modifications by Apple. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared-memory data buffers.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
There is a great deal of security “magic” that happens in the Secure Enclave, but this coprocessor sits at the heart of Apple’s encryption techniques. Everything from booting up securely to individual file-level encryption runs through the Secure Enclave. This means that someone can’t hack into just part of my phone and get some of the data. It is all protected and encrypted. A hacker needs my passcode or she gets nothing. There is no middle ground. Apple’s security-designed ecosystem runs through a series of trusted chains with the Secure Enclave at the center. It is a deep system of trust built from the silicon up.
The security battle
What I find most interesting about Apple’s story around security is how it goes much deeper than a feature. While security, in this case, could be perceived as a feature, my read is that Apple is going a step beyond simply making security a feature and is making it a priority. It is a deep guiding philosophy to which Apple appears to be unwaveringly dedicated.
In an age where billions of consumers are now using computers more often than they ever did at any point in history, it is clear that we are in a new era of consumer computing being led by smartphones. Looking back historically at the efforts of hackers in the PC era, one can only imagine it would be magnitudes worse in this era with more people online than ever. Some may argue that Apple is emphasizing and picking this battle when consumers really don’t care much about security and privacy.
The big debate about how much consumers care about security is certainly a valid one. What I appreciate about Apple’s efforts is that the company is making it so consumers don’t have to care. Apple is simply doing it anyway, and going out of its way to ensure consumers have the best security possible at the moment, and making secure environments the default while also enhancing the user experience. Which is not only the way it should be — it’s the right thing to do.
Ben Bajarin is a principal analyst at Creative Strategies Inc., an industry analysis, market intelligence and research firm located in Silicon Valley. His primary focus is consumer technology and market trend research. He is a husband, father, gadget enthusiast, trend spotter, early adopter and hobby farmer. Reach him @BenBajarin.
This article originally appeared on Recode.net.