Apple explains his security concepts behind iOS in a 33 page long white paper.
• System security: The integrated and secure software and hardware that are the platform for iPhone, iPad, and iPod touch.
• Encryption and data protection: The architecture and design that protect user data if the device is lost or stolen, or if an unauthorized person attempts to use or modify it.
• App security: The systems that enable apps to run securely and without compromis- ing platform integrity.
• Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
• Internet services: Apple’s network-based infrastructure for messaging, syncing, and backup.
• Device controls: Methods that prevent unauthorized use of the device and enable it to be remotely wiped if lost or stolen.
Security White Paper (PDF)
Security is not something that can be added to software as an afterthought; just as a shed made out of cardboard cannot be made secure by adding a padlock to the door, an insecure tool or application may require extensive redesign to secure it. You must identify the nature of the threats to your software and incorporate secure coding practices throughout the planning and development of your product.
This chapter explains the types of threats that your software may face. Other chapters in this document describe specific types of vulnerabilities and give guidance on code hardening techniques to fix them.
The latest update of Apple’s “Secure Coding Guide” contains following changes:
- Added information about non-executable stacks and heaps, address space layout randomization, injection attacks, and cross-site scripting.