Bluetooth: The secret to Apple's ecosystem

Auto Unlock (Image credit: Rene Ritchie / iMore)

The power of the Apple ecosystem. You hear so much about it. How, once you get in, it makes it oh just so easy to stay in. Once you get one product, like an iPhone, it makes it oh just so easy to get more, like an Apple Watch, iPad, or Mac. But what does it really mean and how does it really work? I mean, not just in nebulous terms but specifically?

For me, Bluetooth is a big part of it.

Bringing the Apple Ecosystem Together... and binding it

Apple has a love-hate relationship with Bluetooth. They spend untold resources working around its deficiencies with custom silicon like the W- and H-series chipsets, but it's also the glue that holds their all-important ecosystem together. Because of Continuity. When Continuity first launched alongside Extensibility in iOS 8 and macOS Yosemite, I said they were going to prove to be two of the most important technologies of the decade. And I think that's been proven true. Continuity is something, from AirDrop to Handoff, that people with multiple Apple products depend on every day.

Continuity Camera (Image credit: Rene Ritchie / iMore)

Let's say you have an iPhone and then get an iPad. When you sign into that iPad with your same Apple ID, they create a Bluetooth Low Energy — or BLE — pairing.

This is done out-of-band, which means separate from any normal communications, using Apple's Push Notification Service (APNs), which is the system responsible for all the internet-based notifications you get on your devices. The communication between devices is end-to-end encrypted. So, basically, just imagine your iPhone and iPad using iMessage together to set things up for you.

Once the pairing happens, each generates a symmetric key that's encrypted using 256-bit AES, which is really strong encryption, and each stores it in its own Keychain, which is the system Apple devices use to securely store credentials like passwords.

That key is then used to encrypt and authenticate the BLE broadcast from the device. So, for example, if you're typing an email on your iPhone, Bluetooth LE will advertise the activity, protected by 256-bit encryption, in Galois/Counter or GCM Mode, which helps maintain security and high performance. They'll also, in some cases, use APNs instead of BT LE, but it's still end-to-end encrypted, still like iMessage.
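What "encrypt and authenticate" with a shared 256-bit key in GCM mode means in practice, as an added example that is not Apple's code or wire format: a paired device can read the advertisement, while a device with a different key or a modified copy gets nothing. The payload layout, the counter used as the nonce, and the replay check are assumptions made for illustration.

```javascript
// Added example: AES-256-GCM protecting a Handoff-style advertisement.
// Layout (nonce | ciphertext | tag) and the counter scheme are assumptions.
const crypto = require('crypto');

// Sender: encrypt the activity under the shared pairing key.
function sealAdvert(key, counter, activity) {
  const nonce = Buffer.alloc(12);             // 96-bit GCM nonce
  nonce.writeBigUInt64BE(BigInt(counter), 4); // a nonce must never repeat per key
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(activity, 'utf8'), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]);
}

// Receiver: returns the activity string, or null if the advert is rejected.
function openAdvert(key, state, advert) {
  if (advert.length < 28) return null;        // 12-byte nonce + 16-byte tag
  const nonce = advert.subarray(0, 12);
  const tag = advert.subarray(advert.length - 16);
  const body = advert.subarray(12, advert.length - 16);
  const counter = nonce.readBigUInt64BE(4);
  if (counter <= state.lastCounter) return null; // already seen (assumed check)
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, nonce);
    d.setAuthTag(tag);
    const text = Buffer.concat([d.update(body), d.final()]).toString('utf8');
    state.lastCounter = counter;              // advance only after the tag verifies
    return text;
  } catch {
    return null;                              // wrong key or modified bytes
  }
}

// Constructed demo values; pairKey stands in for the key held in each Keychain.
function demo() {
  const pairKey = crypto.randomBytes(32);
  const strangerKey = crypto.randomBytes(32);
  const advert = sealAdvert(pairKey, 1, 'mail.compose');
  const tampered = Buffer.from(advert);
  tampered[12] ^= 0x01;                       // flip one ciphertext bit
  const seen = { lastCounter: 0n };
  const paired = openAdvert(pairKey, seen, advert);
  return {
    paired,
    stranger: openAdvert(strangerKey, { lastCounter: 0n }, advert),
    tampered: openAdvert(pairKey, { lastCounter: 0n }, tampered),
    replayed: openAdvert(pairKey, seen, advert),
  };
}
```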

Apple also measures time-of-flight (ToF), or how long the transmission takes, to make sure someone isn't trying to record the broadcast on one end and relay it to another device on the other end.

On the other end, your iPad will receive the advertisement, establish a connection, and exchange encryption keys. Then, in this case, the Mail app will show up on your iPad, with the Continuity sticker, and if you tap on it, not only will the Mail app open, but the text you were typing will be copied over to it and you'll be taken to the exact spot where you were last typing on your iPhone.

And there's some cool stuff happening there that's worth diving into as well.

  1. Because you're logged into your same Apple ID on both devices, if you're working on something bigger, like a Pages document, and it's stored in iCloud, your iPhone and iPad don't have to worry about sending the document between them. Your iPad can just grab it from iCloud.
  2. Because the Bluetooth LE advertisement has a limited range, less than Wi-Fi or an internet connection, the relative proximity helps ensure you're physically in the same place. So, if you're at home, you don't have to worry about your activity being advertised to a device at work or at school. In other words, a colleague or classmate couldn't pull up whatever fringe website you're currently browsing. You're welcome.
  3. If the data isn't on iCloud but is too big to be efficiently transferred over BT LE, for example if your email has a bunch of images attached, Apple will create a peer-to-peer Wi-Fi connection. That's encrypted using Transport Layer Security (TLS).

And it's doing much more than just syncing content, the way a lot of online services do. It's syncing state. You can go to a lot of online services, log in, and see your stuff on multiple devices. But, with this, you don't have to go open the browser, go to the service, find the document, find where you last left off. It's doing all the hard work for you. It's bringing the activity to you. Just tap and you're ready to continue right where you left off.

From AirDrop to Auto-Unlock

That's the basics of how Handoff works, so you can start an activity on one device, like your iPhone and continue or finish it on another, like your iPad. It's also how Universal Clipboard works, which lets you copy something on one device and immediately paste it on another.

So, for example, if you have a photo on your Mac and you want to paste it into Twitter on your iPhone, you don't even have to go through Handoff. You can literally hit CMD-C on your Mac and then tap, hold, and paste right on your iPhone.

AirDrop is similar as well, but a little more complicated because, while you can easily AirDrop between your own Apple devices, you can also AirDrop to other people's Apple devices. So, Apple does a few things to keep it secure. First, your Apple ID is associated with an email address and/or phone number. That's how you contact people over iMessage or FaceTime. But, that's with people you know. You may want to AirDrop with someone you've just met at school, at a conference, on vacation, whatever. So, when you turn on AirDrop, Apple creates a short identity hash based on your Apple ID email and/or phone number.

When you go to AirDrop, your device begins advertising for a connection, including that hash. If someone else is within Bluetooth Low Energy range and has AirDrop enabled, they can receive that advertisement. Then one of two different things can happen. If their AirDrop is in Contacts Only mode, it'll receive your hash and try to match it against hashes of all the people in their Contacts database. If it finds a match, it'll respond over peer-to-peer Wi-Fi, and your device will take the extra step of sending a long identity hash. If that matches as well, their long identity hash will be sent back to you. Then, if you have their proper name and profile pic in your contacts, AirDrop will show that to you as a potential target.

That way, you can never pull someone else's contact information or photo over AirDrop, and they can't ever pull yours. You both only ever see what you both only already have. So, if you're on a business trip and they have your LinkedIn pic, the joke drunk party pic you saved of yourself last Friday night doesn't get leaked. You're also welcome.
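The Contacts Only exchange described above, as an added example rather than Apple's implementation: the receiver checks the advertised short hash against its own contacts, confirms with the long hash, and only ever returns a name it already holds. SHA-256, the 2-byte short-hash length, the normalization step and all function names are assumptions for illustration.

```javascript
// Added example: AirDrop-style Contacts Only matching.
// SHA-256 and the 2-byte short hash are assumptions, not Apple's documented format.
const crypto = require('crypto');

const normalize = (id) => id.trim().toLowerCase();
const longHash = (id) => crypto.createHash('sha256').update(normalize(id)).digest();
const shortHash = (id) => longHash(id).subarray(0, 2);

// Receiver precomputes hashes for every identifier in its Contacts database.
function indexContacts(contacts) {
  const index = new Map(); // short hash (hex) -> [{ name, long }]
  for (const { name, ids } of contacts) {
    for (const id of ids) {
      const key = shortHash(id).toString('hex');
      if (!index.has(key)) index.set(key, []);
      index.get(key).push({ name, long: longHash(id) });
    }
  }
  return index;
}

// Step 1 (BLE advertisement): which contacts share the advertised short hash?
function candidates(index, advertisedShort) {
  return index.get(advertisedShort.toString('hex')) || [];
}

// Step 2 (peer-to-peer Wi-Fi): a short hash can collide, so confirm the long one.
function confirm(cands, senderLong) {
  const hit = cands.find((c) => crypto.timingSafeEqual(c.long, senderLong));
  return hit ? hit.name : null;
}

// Returns the name from the receiver's own contacts, or null for non-contacts.
function receive(index, senderId) {
  const cands = candidates(index, shortHash(senderId));
  if (cands.length === 0) return null; // no response to unknown senders
  return confirm(cands, longHash(senderId));
}

// Constructed contacts database for the demonstration.
const CONTACTS = [
  { name: 'Alex', ids: ['alex@example.com', '+15555550100'] },
  { name: 'Sam', ids: ['sam@example.com'] },
];
```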

If the contact is established, or you have AirDrop set to "Everyone", tap on the person you want to share with. A TLS-encrypted connection is created, each person's iCloud identity certificate is verified against their contact, and, if the person you're sharing with accepts, the data is transferred.

Wi-Fi password sharing, which lets you tap to approve someone on your network without having to give them the password for the network, works in a similar way, except the data being sent is a 64-character PSK to join the network instead of a photo or other type of file.

More to come

There are a bunch of other Continuity features as well, ones that let you text message on your Mac using your iPhone, or instantly hotspot your iPad, or tap your iPhone to your HomePod to switch audio sources, or unlock and authenticate for your Mac using your Apple Watch.

It's literally the glue that binds together the Apple ecosystem. That makes it more than the sum of the individual devices. And Apple keeps adding to it year after year.


Rene Ritchie
Contributor
