The new Apple macOS Sierra File System is all about encryption
One little known fact about the upcoming release of the all-new Apple macOS Sierra, as recently pointed out by The Hacker News, is that as of 2017, the new operating system will no longer use the HFS+ file system, common to OS X, iOS tvOS and watchOS, in favor of a new APFS (Apple File System), engineered for next generation devices with a focus on encryption.
The change is expected to propagate beyond Macs, eventually, and it will also extend to all Apple devices, including iPhone, iPad, Apple Watch, and Apple TV. The new file system, according to an entry posted on the WWDC 2016 schedule, is “...optimized for Flash/SSD storage, and engineered with encryption as its primary feature...”.
The fundamental difference between HFS+ and APFS is that Apple’s new file system uses encryption natively, rather than relying on a separate application, like File Vault. What this means to the average user, is that it’s going to be a lot harder for criminals to extract data from a stolen Mac or iOS device, without a legitimate way to log into it.
The change is likely to be the last nail in the coffin of the encryption debate, raised by government agencies who have been fighting Apple, tooth and nail, to force the company to provide backdoor access to Apple devices. By allowing Apple users to upgrade to the new file system, Apple is effectively removing itself from the equation, by giving users all the keys to their devices, with no way for anyone to bypass this new brand of security, including Apple itself.
With that said, encryption won’t be mandatory, and will be available on-demand, in two different forms:
- Single-key encryption
- Multi-key encryption
Without getting into the technical details of how each of the above methods work, the fundamental principle is that once multi-key encryption is enabled on a Mac, there is very little chance that files can be extracted in a readable form.