Encryption & Data at Rest

Data protection is a built-in feature of iOS that provides strong encryption for user data. It works by constructing a hierarchy of keys and builds on the hardware encryption technology in the iPhone. Each file is assigned to a class, with accessibility being determined according to whether the class keys have been unlocked or not. 

Device Encryption

Apple uses AES 256-bit encryption for iPhone encryption. This is considered a very strong encryption standard and provides a high level of security for data stored on iPhones. The encryption process automatically takes place when you set a screen lock passcode for your device. 

Data Vault

Data Vault is a technology used by Apple to prevent apps from accessing a user's personal information without permission. In iOS 13.4 or later, all third-party apps automatically have their data protected in a Data Vault. Data Vault helps protect against unauthorized access to the data, even from processes that aren't themselves sandboxed. 

Access Control

Apple devices help prevent apps from accessing a user's personal information without permission using various technologies including Data Vault. Users can see which apps they have permitted to access certain information as well as grant or revoke any future access. Access is enforced in iOS for various features like Calendars, Camera, Contacts, Microphone, Photos, Reminders, Speech recognition, etc. 

Apple's iOS provides robust protection for app access to user data through a combination of data protection, device encryption, Data Vault technology, and access control mechanisms. These measures ensure that user data is securely stored and that apps can only access this data with the appropriate permissions.