iOSDevSWE

Please Apple Insider, try to use the correct vocabulary: it’s not a “point” release but a ”patch“ release. Apple, like most of the software developers, use the SemVer standard (semantic versioning) where a version number is called MAJOR.MINOR.PATCH. That way you understand clearly what this release is for: to patch something that has been wrong, either a minor bug that is fixed or a security hole that is filled.
Link: https://semver.org/

The article lacks fact checking and details like when were the tests conducted either OpenAIs models and which model was used. When I perform the request I get the following answer from chatGPT 4o:

Don’t forget the machine learning algorithm that recognises and categorises people’s faces in Photos. It’s been around for a long long time. 

kmarei said:

i've learnt that lesson a long time ago
i don't jump versions on my devices, if i get it with 15, i will update to the latest 15 and not go to 16
already ruined 2 devices when i upgraded iOS to the next number up and the devices became unusable
had to basically throw an ipad away that worked great the night before on the older iOS
even browsing to a website would take like 2-3 minutes on the new one

plus i have rarely noticed the difference between iOS versions
ok i get a few more emojies, big whoopie

Wow so many things to comment in just one post, so I’ll explain why this is a really bad behaviour:
1. What used to work “a long time ago” does not work anymore. The hardware in the newer phones doesn’t behave like the one in an iPhone 6, 8 or X.
2. You can’t throw away a device the day after its update to a newer iOS version because it’s getting slower: it takes maybe a week depending on your usage, to optimise the OS after an upgrade. This is why the battery is getting worse after each upgrade and although it is a known fact, you can hear each year people complaining about it 😔. Just plug your device to a socket and leave it there, it will get fixed faster.
3. even if YOU can’t see what’s new with a new iOS version, we, the developers, see a huge difference: Apple does a fantastic work each year in improving the SDK so that things get more performant and/or takes much less code to perform an action. This has a huge impact on both security within apps and code quality leading to fewer bugs. Basically having to take care of several iOS versions for an app can be extremely time consuming and requires having devices on all those versions too.  It is often not justified economically to support old iOS version just because some few % of the user base doesn’t care upgrading there device to the latest version. This is why I force my users to upgrade through information about deprecation of support of there old iOS version quickly: they have time to update so they don’t lose functionality. Furthermore with newer iOS versions, the improvements lead to better battery management hence it is not smart to stay on an old iOS version.

But of course, if you don’t use apps on your iPhone and just use it to ring, you can go on doing what you do. The majority of us are doing the opposite: we mostly use apps and don’t call hence security and latest SDK features are the greatest concern. (And also newer emojis 😂)

Let’s go through some misconceptions in your articles:

”Apple's Secure Enclave is a protected area on Apple's devices which holds keys, encrypted data, cards, and other security information.”

No! The Secure Enclave doesn’t hold anything else than Private keys. Those keys can’t even be retrieved from its protected space. The place where you “store” things is called the Keychain. Basically what you do is you create a private key in the Secure Enclave and use it (through its data representation as you can’t get the key out of Secure Enclave) and encrypt data into Keychain. People often do this mistake of confusing Keychain with Secure Enclave because they are using low level queries with Keychain to save passwords or sensitive data from their app. Instead the iOS developer should use CryptoKit. That way it is clear what you can and can’t do by simply using autocomplete in Xcode with “SecureEnclave.P256.” as a start. For the curious reader, P256 is the only type of elliptic curve used with Secure Enclave that enables NIST P-256 signatures and key agreements.

“[…] it uses AES cryptography to encode information so it's not plain-text readable without decryption.“

Encoding and encrypting are two completely different things. Encoding is to “write differently” something. For instance you can use ascii, utf8, utf16 etc… An example -> the following string has been encoded in base64: QXBwbGVJbnNpZGVy. I will let the reader choose whichever online base64 decoding tool to read what I encoded 😉. Anybody can “decode” that string to its original utf8 form, but if I encrypt it with my own Secure Enclave key on my iPhone 15 Pro, you will need exactly that key on my phone to read it without brute force. I would recommend you go through your article and replace all occurrences of “encode” to “encrypt”.

“One of the major uses of Secure Enclave is to encode, store, and retrieve your sensitive data and passes in the Apple Wallet app for later use.”

No, the major and only use of Secure Enclave is to encrypt or sign data. Nothing else.

“Apple wallet limitations”

Precisely! The limitations are on the Apple Wallet app, not Secure Enclave. However, if you’re like me, very intrigued about how Secure Enclave works, you should watch Ivan Krstic’s talk at Black Hat USA in 2016 (available on YouTube). It is possible to exhaust the number of private keys you can create in the Secure Enclave (listen particularly to the questions at the end of the video). But Apple doesn’t communicate what this limit is. The curious/intrepid developer could write an app that abuses Secure Enclave and creates many private keys until they exhaust. I have no idea what happens then, perform at your own risk…

I hope that now people will understand more clearly what the Secure Enclave really is: it is not Keychain!

Secure Enclave documentation: https://developer.apple.com/documentation/cryptokit/secureenclave

CryptoKit documentation: https://developer.apple.com/documentation/cryptokit/