Compliant Product - Apple iOS 14 and iPadOS 14: Contacts
Certificate Date: 2021.08.20
Validation Report Number: CCEVS-VR-VID11191-2021
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.3
CC Testing Lab: Acumen Security
The TOE is the Apple Contacts application running on Apple iOS 14 and iPadOS 14. Contacts allows a user to access and edit contacts from personal, business, and other accounts.
Contacts is a first-party app, distributed with the operating system of the iPhone and iPad devices. Users can add contacts manually and/or they can be synchronized with an external server.
Note: The TOE is the Contacts application software only. The Apple iOS and iPadOS operating systems have been separately validated by NIAP.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Apple iOS 14 and iPadOS 14: Contacts was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Apple iOS 14 and iPadOS 14: Contacts Common Criteria Configuration Guide, satisfies all of the security functional requirements stated in the Apple iOS 14 and iPadOS 14: Contacts Security Target. The project underwent CCEVS Validator review. The evaluation was completed in August 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE provides the security functionality required by the Protection Profile for Application Software Version 1.3 (PP_APP_v1.3).
The TOE platform provides HTTPS/TLS functionality to securely communicate with trusted entities. The TOE does not directly perform any cryptographic functions.
User Data Protection
The TOE utilizes network and address book access. The TOE requests camera and photos library access to associate pictures with contacts.
Identification and Authentication
The TOE uses platform-provided X.509 certificate validation functions to verify the validity and revocation status of HTTPS/TLS server certificates.
The TOE is installed completely pre-configured. No security-related configuration is required for operation.
The TOE does not request any personally identifiable information (PII) with the intent to transmit the data over the network. However, the TOE will transmit contact information at the request of the user.
Protection of the TSF
The TOE platform performs cryptographic self-tests at startup to ensure the TOE can properly operate. The TOE platform also verifies all software updates via digital signature.
The TOE is a software application. The TOE has the ability to establish protected communications using platform-provided TLS/HTTPS.