The most personal technology must also be the most private.
As you add photos, messages, contacts, and credit cards to your Apple devices, they become more personal. So we design innovative ways to protect that data. And we build powerful safeguards into our operating systems, our apps, and the devices themselves. Because the things you rely on every day should keep your personal information safe.
When you pay for groceries, message a friend, track a workout, or share a photo, you shouldn’t have to worry about your information falling into the wrong hands. The personal data on your devices should be protected and never shared without your permission. That’s why we build strong, innovative safeguards into the things we make.
Encryption protects trillions of online transactions every day. Whether you’re shopping or paying a bill, you’re using encryption. It turns your data into indecipherable text that can only be read by the right key. We’ve been protecting your data for over a decade with SSL and TLS in Safari, FileVault on Mac, and encryption that’s built into iOS. We also refuse to add a "backdoor" into any of our products because that undermines the protections we’ve built in. And we can’t unlock your device for anyone because you hold the key — your unique password. We’re committed to using powerful encryption because you should know the data on your device and the information you share with others is protected.
iMessage and FaceTime
Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode. Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to. While we do back up iMessage and SMS messages for your convenience using iCloud Backup, you can turn it off whenever you want. And we don’t store FaceTime calls on any servers.
Health and Fitness
The Health app lets you keep all your health and fitness information in one place, on your device and under your control. The information you add about yourself is yours to use and share. You decide what information is placed in the Health app, as well as which third-party apps can access your data. When your phone is locked with a passcode or Touch ID, all of your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers.
A lot of people would like to know where you go and what you do on the web. Safari helps keep them from finding out. The first browser ever to block third-party cookies by default and offer private browsing, Safari is built to offer the safest browsing possible. It also automatically prevents suspicious sites from loading, and uses sandboxing to help keep harmful code confined to a single browser tab so it can’t reach the rest of your data.
Safari content blockers have been around a long time. They provide a platform for third-party developers to block unwanted content and better protect your privacy. Now we’re enabling app developers to bring these blockers to iOS and make them even more effective on OS X. You can use them to control what content is loaded onto your browser, and to block content from anyone attempting to track your activity on a website or across websites. And Safari content blocker support is designed in such a way that the content blocker can’t send information to developers about the sites you visit.
So much of your digital life now lives in the cloud. And we’re committed to making that experience simple and secure. Some companies mine your cloud data or email for personal information to serve you targeted ads. We don’t.
All your iCloud content like your photos, contacts, and reminders is encrypted when sent and, in most cases, when stored on our servers. All traffic between any email app you use and our iCloud mail servers is encrypted. And our iCloud servers support encryption in transit with other email providers that support it.
If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.
We use only the necessary data to help create the best experience for you, whether you’re using Maps to locate a restaurant or Apple Music to discover a new artist. And we never sell your data. We know that the more personal your device becomes, the more critical it is to respect the data that’s on it.
Apple Music delivers everything you love about music, including suggestions for albums, playlists, and songs you might like. In order for features like Radio, For You, and Connect to reflect your musical tastes, we collect some information about your activity in the app. This is spelled out in “About Apple Music & Privacy” during setup and is also available here. The songs you stream aren’t used by any other service to advertise to you. And if you don’t want to keep your music collection on our servers, you can opt out of iCloud Music Library.
Other companies try to build a profile about you using a complete history of everywhere you’ve been, usually because they’re targeting you for advertisers. Since our business doesn’t depend on advertising, we have no interest in doing this — and we couldn’t even if we wanted to. We’re more interested in letting you know when it’s time to leave for your next appointment. You don’t have to sign in to use Maps, and it only knows you by a random identifier that resets itself frequently as you use the app. Maps is also engineered to separate the data about your trips — including public transit directions — into segments, to keep Apple or anyone else from putting together a complete picture of your travels. Helping you get from Point A to Point B matters a great deal to us, but knowing the history of all your Point A’s and Point B’s doesn’t.
Searching with Spotlight goes beyond your device to give you suggestions from sources like Wikipedia, the iTunes Store, and local News and Maps results. Before it answers, Spotlight considers things like context and location. It also protects your privacy by only associating your location with a random rotating identifier that refreshes every 15 minutes. You can always opt out of Suggestions and continue to use Spotlight solely for local search on your device. You can also opt out of having Spotlight use Location Services anytime you want. If you opt out, Spotlight will still use your IP address to determine a general location to make your searches more relevant. Unlike our competitors, we don’t use a persistent personal identifier to tie your searches to you in order to build a profile based on your search history. We also place restrictions on our partners so they don’t create a long-term trail of identifiable searches by you or from your device.
To make it even easier to get to just the right spot in your favorite app, we’ve built support for deep linking into iOS. A user can tap a link and it will open in the corresponding app if the app has been installed and supports deep linking. We do not associate this with your Apple ID, and Apple does not know which links you tap.
We give developers the best tools to keep your data safe.
We’ve given developers strong tools such as Touch ID APIs, 256-bit encryption, and app transport security so they can build secure apps. And all apps are sandboxed so your personal information is protected. We also require developers to ask for permission before accessing personal information like your photos and contacts.
On the App Store, we require app developers to agree to specific guidelines that are designed to protect user privacy and security. When we become aware of an app that violates our guidelines, the developer must address the issue or be removed from the App Store. We make it easy for apps to connect to servers securely. Apple curates apps listed in the App Store to make sure that each app functions the way it’s described by the developer. To protect you even further, once an app is installed on your device, you are prompted for permission the first time it tries to access information such as your location or photos. Of course, you always have the power to make changes to the permissions you’ve granted.
We also make sure that there are certain types of data on your device that apps simply can’t access, and that there is no way for an app to ask for complete access to all of your data. We were the first to provide this level of security, and we will continue to build strong safeguards into our platforms.
HomeKit introduces a new way for you to control Wi-Fi – and Bluetooth-enabled accessories, such as your lights and thermostat. We’ve taken great care to make sure that convenience doesn’t come at the expense of your privacy.
Apple does not know what devices you’re controlling, or how and when you’re using them. Siri only associates your HomeKit devices with your anonymous Siri identifier, not you personally. Apps supported by HomeKit are restricted by our developer guidelines to using data solely for home configuration or automation services. Data related to your home is stored encrypted in the keychain of your device. It’s also encrypted in transit between your Apple device and those you’re controlling. And when you control your accessories from a remote location, that data is also encrypted when it’s sent. So HomeKit doesn’t know which devices you’re controlling or how you’re using them.
In addition, when apps perform automatic actions based on your location, such as turning on house lights, these actions are initiated by HomeKit, which makes your location invisible to the app. You can also disable use of your location at any time.
ResearchKit and CareKit
ResearchKit and CareKit are open source software frameworks that take advantage of the capabilities of iPhone. ResearchKit enables developers to create apps that let medical researchers gather robust and meaningful data for studies. And CareKit is a platform for developers to create apps that help individuals take a more active role in their own well-being.
But we also know that nothing is more important than the privacy of your information, and both ResearchKit and CareKit have been designed with that in mind. You choose which studies you want to join and share with researchers or doctors, and you control the information you provide to individual apps. Apps using ResearchKit or CareKit can pull data from the Health app only with your consent. If you choose to back up your Health app data to iCloud, it is always encrypted when stored and transmitted. Any apps built using ResearchKit for health-related human subject research must obtain consent from the participants and must provide information about confidentiality rights and the sharing and handling of data. And these apps must also be approved by an independent ethics review board before the study can even begin.
For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data with researchers, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.
CloudKit helps keep your preferences, settings, and app data up to date across your devices. With an app that uses CloudKit, you are automatically signed in with your Apple ID, which means you don’t have to create a new account or provide other personal information. So you’ll always have access to your latest information in the app without having to remember new user names or passwords.
By default, developers don’t have access to your Apple ID, just a unique identifier. If you give your permission, developers can use your email to let others find you in their app. You’re always in control of these permissions and you can turn them on or off at any time. Your data isn’t shared with developers, unless you choose to share or post publicly.