Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Rapid Security Responses
- Operating system integrity
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorization with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
Password AutoFill security
Password AutoFill automatically fills credentials stored in the keychain. The iCloud Keychain password manager and Password AutoFill provide the following features:
Filling in credentials in apps and websites
Generating strong passwords
Saving passwords in both apps and websites in Safari
Sharing passwords securely to a users’ contacts
Providing passwords to a nearby Apple TV that’s requesting credentials
Generating and saving passwords within apps, as well as providing passwords to Apple TV, are available only in iOS, iPadOS, and visionOS.
Password AutoFill in apps
iOS, iPadOS, and visionOS allow users to input saved user names and passwords into credential-related fields in apps, similar to the way Password AutoFill works in Safari. On iPhone and iPad, users tap a key affordance in the software keyboard’s QuickType bar. On Mac, for apps built with Mac Catalyst, a Passwords drop-down menu appears below credential-related fields.
When an app is strongly associated with a website that uses the same app-website association mechanism and that’s powered by the same apple-app-site-association file, the iOS and iPadOS QuickType bar and macOS drop-down menu directly suggest credentials for the app, if any are saved to the Password AutoFill Keychain. This allows users to choose to disclose Safari-saved credentials to apps with the same security properties, without those apps having to adopt an API.
Password AutoFill exposes no credential information to an app until a user consents to release a credential to the app. The credential lists are drawn from or presented out of the app’s process.
When an app and website have a trusted relationship and a user submits credentials within an app, iOS, iPadOS, and visionOS may prompt the user to save those credentials to the Password AutoFill keychain for later use.