Compliant Product - Apple iOS 14 and iPadOS 14: Contacts
Certificate Date:
2021.08.20
CC Certificate Validation Report Number: CCEVS-VR-VID11191-2021 Product Type: Application Software Conformance Claim: Protection Profile Compliant PP Identifier: Protection Profile for Application Software Version 1.3 CC Testing Lab: Acumen Security ![[PDF]](/assets/images/icon_pdf.gif){kind=icon}
Security Target
Validation Report
Assurance Activity
Administrative Guide
Product Description
The TOE is the Apple Contacts application running on Apple iOS 14 and iPadOS 14. Contacts allows a user to access and edit contacts from personal, business, and other accounts. Contacts is a first-party app, distributed with the operating system of the iPhone and iPad devices. Users can add contacts manually and/or they can be synchronized with an external server. Note: The TOE is the Contacts application software only. The Apple iOS and iPadOS operating systems have been separately validated by NIAP.
Evaluated Configuration
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Apple iOS 14 and iPadOS 14: Contacts was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Apple iOS 14 and iPadOS 14: Contacts Common Criteria Configuration Guide, satisfies all of the security functional requirements stated in the Apple iOS 14 and iPadOS 14: Contacts Security Target. The project underwent CCEVS Validator review. The evaluation was completed in August 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
The TOE provides the security functionality required by the Protection Profile for Application Software Version 1.3 (PP_APP_v1.3).
Cryptographic Support The TOE platform provides HTTPS/TLS functionality to securely communicate with trusted entities. The TOE does not directly perform any cryptographic functions.
User Data Protection The TOE utilizes network and address book access. The TOE requests camera and photos library access to associate pictures with contacts.
Identification and Authentication The TOE uses platform-provided X.509 certificate validation functions to verify the validity and revocation status of HTTPS/TLS server certificates.
Security Management The TOE is installed completely pre-configured. No security related configuration is required for operation.
Privacy The TOE does not request any perstonally identifiable information (PII) with the intent to transmit the data over the network. However, the TOE will transmit contact information at the request of the user.
Protection of the TSF The TOE platform performs cryptographic self-tests at startup to ensure the TOE can properly operate. The TOE platform also verifies all software updates via digital signature.
Trusted Path/Channels The TOE is a software application. The TOE has the ability to establish protected communications using platform-provided TLS/HTTPS. Vendor InformationApple Inc. Fiona Pattinson +1 669 227 3579 security-certifications@Apple.com www.apple.com |