Secure Enclave on Apple Devices

Mobile devices generally use an isolated execution environment such as a Trusted Execution Environment (TEE) (on Android and some other devices) and Apple’s Secure Enclave (on Apple iOS devices) that runs independently from the main operating system (e.g., Android or iOS). These environments provide security-critical capabilities such as storing cryptographic keys, including the keys used to encrypt sensitive data stored on the mobile device. Moving security-critical capabilities to an isolated execution environment provides resilience against attacks that successfully exploit the main operating system. However, even these isolated environments are not necessarily immune from exploitation.