On Monday, Apple released updates for its various products. As usual, they fix flaws and add capabilities, but the iOS update (v10.3) is more noteworthy than usual, as it will make all updated iDevices switch to a new file system.
It’s called Apple File System (APFS).
APFS is engineered with encryption as a primary feature (it has native encryption support), and is optimized for Flash/SSD storage (the HFS+ file system these devices used until now was developed when file sizes were calculated in kilobytes or megabytes).
Add to this copy-on-write metadata, space sharing, cloning for files and directories, snapshots, fast directory sizing, atomic safe-save primitives, and improved file system fundamentals, and you have a file system that should meet the challenges of this era.
APFS and encryption
APFS supports multiple levels of file system encryption – no encryption, one key per volume (metadata and data are encrypted with the same key), and multi-key encryption.
As Apple developers explained at last year’s Worldwide Developers Conference, in the last of these options, sensitive metadata is encrypted with a single key that’s distinct from the per-file keys used to encrypt individual files. APFS also supports per-extent encryption, so each region of a file can be encrypted with its own key.
“Apple File System uses AES-XTS or AES-CBC encryption modes, depending on hardware,” the company shared in this guide to the new file system.
“Multi-key encryption ensures the integrity of user data. Even if someone were to compromise the physical security of the device and gain access to the device key, they still couldn’t decrypt the user’s files.”
The company aims to eventually implement APFS in all of its products, but has started with devices running iOS. It is scheduled to ship to macOS consumers later this year.
A list of other improvements and new features included in the newest iOS version can be found here, and a list of security fixes here. iOS 10.3 also fixes a bug in the way that Mobile Safari handles pop-up dialogs, recently exploited by scammers.