Apple Introduces Cryptographic Libraries to Protect Apps with Advanced Security Protocols
On October 29, Apple announced the launch of its cryptographic libraries called corecrypto library, allowing third-party developers to improve the security measures and add additional security protocols in iOS and OS X applications.
The decision of Apple to integrate new security protocols comes after the efforts of other major technology firms, including Intel and Symantec, to explore various hacking tools and ransomware that encrypt or infect mobile data.
According to Intel and Symantec’s newly published report, ransomware such as CryptoWall has successfully encrypted personal and sensitive data of over 400,000 victims globally, demanding bitcoin ransoms to recover it.
Apple aims to protect its apps and developers from these attacks, by offering hash-based message authentication codes, digests and symmetric encryption systems through its Common Crypto security protocol.
Apple developers will be granted access to Apple’s Security Framework and Common Crypto libraries, which will enable the integration of tokens, encryption, public and private key management systems and security certificates.
According to the Apple site, “Security Framework provides interfaces for managing certificates, public and private keys, and trust policies. It supports the generation of cryptographically secure pseudorandom numbers. It also supports the storage of certificates and cryptographic keys in the keychain, which is a secure repository for sensitive user data.”
The tokenization security protocol provided by Apple enables developers to replace sensitive or personal details with special numbers for making payments. Such a system could be implemented to secure in-app purchases and any iOS or OS X payment- related activities to avoid potential data breaches or ransomware infections.
The same technology is applied to Apple’s mobile payment network Apple Pay, to eliminate any personal information that could be tied back to its users.
“Apple Pay was designed so that when you pay in stores Apple doesn’t collect any transaction information that can be tied back to you,” says the Apple Support site.
Corecrypto, the cryptographic libraries that include various security protocol such as Apple’s tokenization technology, acts as the backbone of both Apple Security Framework and Common Crypto which could be integrated by Apple developers. Corecrypto library is also set to be Apple’s first open-source software and it is available on Apple’s the official Developer’s site.