The most personal technology must also be the most private.
As you add photos, messages, contacts and credit cards to your Apple devices, they become more personal. So we design innovative ways to protect that data. And we build powerful safeguards into our operating systems, our apps and the devices themselves. Because the things you rely on every day should keep your personal information safe.
When you pay for shopping, message a friend, track a workout or share a photo, you shouldn’t have to worry about your information falling into the wrong hands. The personal data on your devices should be protected and never shared without your permission. That’s why we build strong, innovative safeguards into the things we make.
Encryption protects trillions of online transactions every day. Whether you’re shopping or paying a bill, you’re using encryption. It turns your data into indecipherable text that can only be read with the right key. We’ve been protecting your data for over a decade with SSL and TLS in Safari, FileVault on Mac, and encryption that’s built into iOS. We also refuse to add a backdoor into any of our products because that undermines the protections we’ve built in. And we can’t unlock your device for anyone because you hold the key — your unique password. We’re committed to using powerful encryption because you should know the data on your device and the information you share with others is protected.
Apple Pay lets you pay in an easy, secure and private way. And it works on iPhone, iPad and Apple Watch.
When you add a credit, debit or store card to Apple Pay, we securely send your card information, along with other information about your account and device, to your bank. Using this information, your bank will determine whether to approve adding your card to Apple Pay.
Your actual card numbers are not stored on the device or on Apple servers. Instead, a unique Device Account Number is created, encrypted in such a way that Apple can’t decrypt, and stored in the Secure Element of your device. The Device Account Number in the Secure Element is walled off from your iOS device and Apple Watch, is never stored on Apple Pay servers and is never backed up to iCloud.
When you pay in shops, the Device Account Number and a transaction-specific, dynamic security code are used when processing your payment. So neither Apple nor your device sends your actual credit or debit card numbers to merchants. We may receive anonymous transaction information such as the approximate time and location of the transaction, which helps us improve Apple Pay and other Apple products and services.
When you use a rewards card, we protect your identity. Anytime a card uses personally identifiable information — like your email address or phone number — we require that the data be encrypted when it’s sent. No rewards information is shared without your permission.
Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode. Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to. While we do back up iMessage and SMS messages for your convenience using iCloud Backup, you can turn it off whenever you want. And we don’t store FaceTime calls on any servers.
Health and Fitness
The Health app lets you keep all your health and fitness information in one place, on your device and under your control. The information you add about yourself is yours to use and share. You decide what information is placed in the Health app, as well as which third-party apps can access your data. When your phone is locked with a passcode or Touch ID, all your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers.
A lot of people would like to know where you go and what you do on the web. Safari helps keep them from finding out. The first browser ever to block third-party cookies by default and offer private browsing, Safari is built to offer the safest browsing possible. It also automatically prevents suspicious sites from loading, and uses sandboxing to help keep harmful code confined to a single browser tab so it can’t reach the rest of your data.
Safari content blockers have been around a long time. They provide a platform for third-party developers to block unwanted content and better protect your privacy. Now we’re enabling app developers to bring these blockers to iOS and make them even more effective on OS X. You can use them to control what content is loaded onto your browser, and to block content from anyone attempting to track your activity on a website or across websites. And Safari content blocker support is designed in such a way that the content blocker can’t send information to developers about the sites you visit.
So much of your digital life now lives in the cloud. And we’re committed to making that experience simple and secure. Some companies mine your cloud data or email for personal information to serve you targeted ads. We don’t.
All your iCloud content like your photos, contacts and reminders is encrypted when sent and, in most cases, when stored on our servers. All traffic between any email app you use and our iCloud mail servers is encrypted. And our iCloud servers support encryption in transit with other email providers that support it.
If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centres, so you can back up, sync and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.
We use only the necessary data to help create the best experience for you, whether you’re using Maps to locate a restaurant or Apple Music to discover a new artist. And we never sell your data. We know that the more personal your device becomes, the more critical it is to respect the data that’s on it.
Siri and Dictation
The longer you use Siri and Dictation, the better they understand you and the better they work. To help them recognise your pronunciation and provide better responses, certain information such as your name, contacts and songs in your music library is sent to Apple servers using encrypted protocols. That said, Siri and Dictation do not associate this information with your Apple ID, but rather with your device through a random identifier. Apple Watch uses the Siri identifier from your iPhone. You can reset that identifier at any time by turning Siri and Dictation off and back on, effectively restarting your relationship with Siri and Dictation. When you turn Siri and Dictation off, Apple will delete the User Data associated with your Siri identifier, and the learning process will start all over again.
When you use Siri to search by location or album name in the Photos app, we never send your photos or any information about them. Album names are only sent to Siri to help provide you with better results.
If you have Location Services turned on, the location of your device at the time you make a request will also be sent to Apple to help Siri improve the accuracy of its response to your requests. You may choose to turn off Location Services for Siri and Dictation in your Privacy settings.
You can also receive helpful suggestions before you even ask, based on the things you use often and when you typically use them. These predictions are kept on your device, not in the cloud, so the information is protected by all the safeguards that are built in. Which means private information like your email, contacts, app usage and calendar can stay private. Suggested events from Mail do not leave your device until they are confirmed by you, and only then are they added to your calendar.
Certain features do require real-time input from Apple servers. For example, event addresses and a user’s location are sent to Apple so that we can provide accurate Time to Leave predictions that take into consideration traffic and local public transport schedules. Information like a user’s location may be sent to Apple to provide localised suggestions as well as relevant news and search results. When we do send information to a server, we protect your privacy by using anonymised rotating identifiers so that searches and locations can’t be traced to you personally. And you can disable Location Services, our new proactive features or the proactive features’ use of your location at any time.
Apple Music delivers everything you love about music, including suggestions for albums, playlists and songs you might like. In order for features like Radio, For You and Connect to reflect your musical tastes, we collect some information about your activity in the app. This is spelled out in “About Apple Music & Privacy” during setup and is also available here. The songs you stream aren’t used by any other service to advertise to you. And if you don’t want to keep your music collection on our servers, you can opt out of iCloud Music Library.
News delivers the stories and topics you’re interested in while taking measures to avoid intruding on your privacy. The more you read, the more personalised the News app becomes. We don’t link your reading activity to other Apple services. Information we collect about articles you read is used to improve News. This information is linked to an anonymous, News-specific identifier. You can reset your News identifier at any time by clearing your history. As a convenience, Apple News uses iCloud to keep aspects of your experience up to date on all your devices. Recommendations are created locally on your device and are not sent to Apple.
While News is ad supported — ads are served based on the articles you read — this information cannot be used to target ads to you outside the News app. We never provide publishers with information to track you. And you can turn on Limit Ad Tracking to stop receiving targeted ads.
Other companies try to build a profile about you using a complete history of everywhere you’ve been, usually because they’re targeting you for advertisers. Since our business doesn’t depend on advertising, we have no interest in doing this — and we couldn’t even if we wanted to. We’re more interested in letting you know when it’s time to leave for your next appointment. You don’t have to sign in to use Maps, and it only knows you by a random identifier that resets itself frequently as you use the app. Maps is also engineered to separate the data about your trips — including public transport directions — into segments, to keep Apple or anyone else from putting together a complete picture of your travels. Helping you get from Point A to Point B matters a great deal to us, but knowing the history of all your Point A’s and Point B’s doesn’t.
Searching with Spotlight goes beyond your device to give you suggestions from sources like Wikipedia, the iTunes Store, and local News and Maps results. Before it answers, Spotlight considers things like context and location. It also protects your privacy by only associating your location with a random rotating identifier that refreshes every 15 minutes. You can always opt out of Suggestions and continue to use Spotlight solely for local search on your device. You can also opt out of having Spotlight use Location Services anytime you want. If you opt out, Spotlight will still use your IP address to determine a general location to make your searches more relevant. Unlike our competitors, we don’t use a persistent personal identifier to tie your searches to you in order to build a profile based on your search history. We also place restrictions on our partners so they don’t create a long-term trail of identifiable searches by you or from your device.
To make it even easier to get to just the right spot in your favourite app, we’ve built support for deep linking into iOS. A user can tap a link and it will open in the corresponding app if the app has been installed and supports deep linking. We do not associate this with your Apple ID, and Apple does not know which links you tap.
We give developers the best tools to keep your data safe.
We’ve given developers strong tools such as Touch ID APIs, 256-bit encryption and app transport security so they can build secure apps. And all apps are sandboxed so your personal information is protected. We also require developers to ask for permission before accessing personal information like your photos and contacts.
On the App Store, we require app developers to agree to specific guidelines that are designed to protect user privacy and security. When we become aware of an app that violates our guidelines, the developer must address the issue or be removed from the App Store. We make it easy for apps to connect to servers securely. Apple curates apps listed in the App Store to make sure that each app functions the way it’s described by the developer. To protect you even further, once an app is installed on your device, you are prompted for permission the first time it tries to access information such as your location or photos. Of course, you always have the power to make changes to the permissions you’ve granted.
We also make sure that there are certain types of data on your device that apps simply can’t access, and that there is no way for an app to ask for complete access to all your data. We were the first to provide this level of security, and we will continue to build strong safeguards into our platforms.
HomeKit introduces a new way for you to control Wi-Fi– and Bluetooth-enabled accessories, such as your lights and thermostat. We’ve taken great care to make sure that convenience doesn’t come at the expense of your privacy.
Apple does not know what devices you’re controlling, or how and when you’re using them. Siri only associates your HomeKit devices with your anonymous Siri identifier, not you personally. Apps supported by HomeKit are restricted by our developer guidelines to using data solely for home configuration or automation services. Data related to your home is stored encrypted in the keychain of your device. It’s also encrypted in transit between your Apple device and those you’re controlling. And when you control your accessories from a remote location, that data is also encrypted when it’s sent. So HomeKit doesn’t know which devices you’re controlling or how you’re using them.
In addition, when apps perform automatic actions based on your location, such as turning on house lights, these actions are initiated by HomeKit, which makes your location invisible to the app. You can also disable use of your location at any time. You decide who has access to your home, and you can disable notifications on your device at any time.
ResearchKit and CareKit
ResearchKit and CareKit are open source software frameworks that take advantage of the capabilities of iPhone. ResearchKit enables developers to create apps that let medical researchers gather robust and meaningful data for studies. And CareKit is a platform for developers to create apps that help individuals take a more active role in their own well-being.
But we also know that nothing is more important than the privacy of your information, and both ResearchKit and CareKit have been designed with that in mind. You choose which studies you want to join and share with researchers or doctors, and you control the information you provide to individual apps. Apps using ResearchKit or CareKit can pull data from the Health app only with your consent. If you choose to back up your Health app data to iCloud, it is always encrypted when stored and transmitted. Any apps built using ResearchKit for health-related human subject research must obtain consent from the participants and must provide information about confidentiality rights and the sharing and handling of data. And these apps must also be approved by an independent ethics review board before the study can even begin.
For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data with researchers, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.
CloudKit helps keep your preferences, settings and app data up to date across your devices. With an app that uses CloudKit, you are automatically signed in with your Apple ID, which means you don’t have to create a new account or provide other personal information. So you’ll always have access to your latest information in the app without having to remember new user names or passwords.
By default, developers don’t have access to your Apple ID, just a unique identifier. If you give your permission, developers can use your email to let others find you in their app. You’re always in control of these permissions and you can turn them on or off at any time. Your data isn’t shared with developers, unless you choose to share or post publicly.
When you’re behind the wheel, CarPlay takes the things you want to do on iPhone — like getting directions, making calls and listening to music — and puts them on your car’s built-in display so you can stay focused on the road. Since everything you see in CarPlay comes from your iPhone, all the rigorous privacy measures built into your iPhone and apps carry over to CarPlay. Only essential information that enhances the CarPlay experience will be used from your car. For example, iPhone can combine its own GPS data with your car’s to make Maps as accurate as possible.
Education has always been part of Apple’s DNA. We believe technology has the power to transform every classroom. We also know that parents and students make the best decisions about learning tools when they understand the products and services they’re using and how their information is handled.
The way we manage your institution and student data reflects our strong commitment to privacy. We don’t sell student information and we never share it with third parties to use for marketing or advertising. And schools can purchase apps and deliver them to a student’s iPad without having to use an iTunes login.
In addition, Apple has signed the Student Privacy Pledge, further underscoring our commitment to protecting the information students, parents and teachers share in our schools.