How Apple keeps your Handoff data private and secure

Handoff is part of Continuity, which is designed to make iPhones, iPads, and Macs work together more quickly, easily, and seamlessly than ever before. Rather than putting the same interface across all their devices, or making the web the center of the universe, Handoff is keeping things personal. Devices have to be logged into your Apple ID. You have to be within Bluetooth Low Energy (BT LE) proximity. And instead of automatically pushing your data out, Handoff waits for you to elect to use it. That all makes it private, but what makes it secure?

Your Apple identity

Your Apple ID (also known as your iCloud or iTunes account) lets Apple know which devices are yours. Log into iCloud on an iPhone, iPad, or Mac with that ID, and Apple knows you own those devices. That way, only your hardware ever has access to your data.

This means if you live or work with other people who also have Apple devices, you never have to worry about your data and their data getting confused or co-mingled. Your stuff is yours and yours alone.

Proximity protection

When two or more of your Apple devices come close together, they establish a BT LE connection for Handoff. Proximity is what helps protect your privacy: Handoff can only share data with your devices when they're close enough for you to almost certainly have physical control over them.

This way, you don't have to worry about something popping up on your work Mac when you're using your iPad at home, or on an iPad at school when you're at the coffee shop on your iPad. Handoff will only make activities available to devices that are within reach.

Keys and chains

When Handoff establishes a connection between your devices, it's established out-of-band using the Apple Push Notification (APN) service. That means it uses a similar type of security to iMessage, generating a symmetric 256-bit AES key for each device and storing it within each device's keychain. Apple claims it also protects this communication against replay attacks as well.

Once the connection is made, Handoff will advertise new activities as they occur. It doesn't highlight any data or documents, however — just the app that you're using. So, for example, if you're browsing a web page, Handoff will let other devices know you're using Safari. If you're working on a presentation, Handoff will let those devices know you're using Keynote.

Most of the time, communication happens over BT LE using the aforementioned encryption. Occasionally, if BT LE isn't optimal, APN can also handle the communication, again using the same encryption.

Push vs. pull

The real beauty of Handoff is that very little data gets transferred unless you elect to have it do so. It doesn't push your activities and data between your devices at all times; instead, it just lets you know an activity is available to resume, when and if you choose to. You, the person, still have to expressly pull that activity and data over.

You do that by swiping up on your iOS device's Lock screen, or swiping left and tapping on the Handoff card within that device's multitasking app switcher. On the Mac, you can click on the Handoff icon in the Dock, or use CMD-Tab to select the Handoff icon within the application switcher.

In every case, it takes an explicit action from you, the user. Only then will Handoff actually "hand off".

Securing the transfer

Once triggered, Handoff will transfer small amounts of data using BT LE or APN along with the same encryption that handles the connection. For example, the URL of the web page you're reading, or iCloud document you're editing.

Handoff also can transfer information between websites and apps, but before it does, the app has to prove it controls the domain of the website. In other words, the Facebook app has to prove it controls the website. (This is done via Apple's established mechanism for shared web credentials).

Transferring larger amounts of data —for example, a filed attached to an email draft — uses peer-to-peer Wi-Fi, similar to AirDrop, along with standard transport layer security (TLS). Handoff begins with the same BT LE connection, then engages Wi-Fi until the transfer is complete.

Bottom line

If you don't want to use it, you can easily disable Handoff on both iPhone and iPad and Mac. Otherwise, Handoff does everything it can to make sure you own the devices, have them in close proximity, and want to move your activities over. That maintains your privacy. The encrypted connection and transfer maintains your security. You do have to trust both iCloud for your login and APN for messaging, but if that works for you, Handoff will work for you.