While iOS features often leak ahead of their official launch, information about them rarely comes from hardware assembly plants — here's why.

Apple is no stranger to software leaks. Practically every year, before the iPhone maker releases new versions of its operating systems, we see reports claiming to have details about all the unannounced features and design changes.

Though some features end up changing mid-development, and other rumors were never based in truth to begin with, many leaked capabilities end up making it to the release variant of iOS. That begs the question, where does the accurate information come from?

Oftentimes, it's sourced from prototypes or development devices, sometimes accessed through dubious means. Of course, people who work on Apple's software engineering efforts sometimes disclose confidential information as well.

However, iOS features seldom leak from iPhone assembly plants, despite them having limited access to Apple's pre-release UI elements. In theory, an assembly plant worker could get their hands on an unreleased Camera app or Settings menu, but that rarely ends up happening — and now we know why.

Just as Apple's anti-leak memo itself got leaked, AppleInsider has now received details about the iPhone maker's security protocols for assembly plants with access to pre-release UI. The information comes from people familiar with the matter, offering rare insight into Apple's leak-prevention efforts.

Where pre-release iOS builds are used, and how they're guarded

For its assembly partners, Apple maintains a strict set of security requirements, covering everything from unreleased hardware to so-called Black projects, down to the way iPhone boxes and printed materials are to be handled.

Smartphone on wooden table showing iOS home screen with many apps labeled Waiting and a centered popup alert about a new iOS update available from the iOS 19 beta

Apple assemblers are required to maintain special security measures for iOS variants with pre-production UI elements.

There are also explicit instructions about how and where pre-release operating systems are to be secured.

Specifically, devices with unreleased UI versions are meant to be kept in specialized rooms with only a single door or point of entry, equipped with a badge scanner. There's also a security guard who checks the badges of Apple employees entering the room, as an added security measure.

In terms of additional physical barriers, a curtain is used so that no unauthorized personnel are able to view the pre-release user interface. As for who can enter the so-called UI room, only select Apple employees and third-party staff members have access to the area.

The designated project manager is able to bring additional Apple staff members into the room, provided the employees in question sign in. Authorized Apple employees are allowed to bring in a laptop and a USB flash drive into the room, if necessary.

Third-party assembler employees have to abide by stricter requirements. All of them are required to sign a non-disclosure agreement, and none of them are allowed to bring in cell phones, cameras, or recording devices of any kind. They're also subject to a physical scan upon entering and leaving the area, so that nothing is smuggled in or out.

CCTV cameras with a resolution sufficient to capture facial features are used in the UI area. All workstations, storage shelves, and part storage containers are covered by CCTV, with the recording storage and associated server located in a separate room with restricted access.

The security procedures for UI related areas suggest that Apple holds more faith in its own employees rather than those of third-party assemblers. While the reasoning behind these policies is not specified outright, assembly plant workers may be more likely to attempt to smuggle things in or out of the area.

Inside, the security measures are just as rigorous.

What's inside the so-called UI rooms

Areas containing pre-release UI elements, like most assembly partner offices related to Apple product development, feature workspaces with a Mac mini as the main computer. These, too, are severely restricted.

Silver Apple Mac mini desktop computer on a white surface, displaying a black Apple logo, with a coiled black power or data cable lying to the right in front of a dark acoustic wall.

Apple supply chain partners typically rely on the Mac mini for development-related efforts.

To be more specific, their email and Wi-Fi capabilities are disabled, and each Mac mini is USB-locked to prevent tampering and unauthorized file copying. The network of the UI area is required to be physically separated from other areas in the assembly partner facility.

Devices with unreleased Apple UI are brought in and out only by select assembly partner employees, as authorized by the project manager. The date and time are always recorded, as is the quantity of devices transported in or out.

The Wi-Fi activity of the UI-enabled devices is constantly monitored. We were told that, for testing purposes, hardware running pre-release UI can only access whitelisted websites like Apple, Google, and Google Maps.

Otherwise, Bluetooth and Wi-Fi are to be kept disabled, and camera lenses are either sealed, removed, or otherwise obscured to prevent the transmission of images. If the UI device has a SIM card slot, it's covered by a serialized tamper-evident security seal.

The devices themselves are intended for a single purpose, which is described via a label on each test unit. When not in use, UI-enabled devices are stored in locked containers.

Tamper-evident stickers are also used on all approved test-related equipment, with a list of all serial numbers and the corresponding equipment posted in the UI area.

What UI builds of iOS are used for at assembly facilities

Apple assembly partners use a variety of iOS variants, referred to internally as ReleaseTypes.

Smartphone in landscape mode on green background, showing Notes app with text: This is how assemblers test motion sensors, above a dark onscreen keyboard.

The motion sensors found within Apple products are tested with the Notes app and with other utilities.

Unlike NonUI and LLDiags variants used for hardware diagnostics, access to the VendorUI ReleaseType is heavily restricted. Only select authorized employees are given access to VendorUI versions of iOS.

The builds themselves are distributed with a checklist detailing the available and missing features. Usually, most system applications, including the Phone and Camera apps, or the Safari browser, are present.

However, select applications containing sensitive UI elements, or those not outright required for testing, are removed. While the available apps vary by UI build, Apple has been known to remove apps like Apple Music, Calendar, Clock, Contacts, Calculator, Mail, and others.

Select internal-use applications, including the Radar bug-reporting utility, as well as ABT, ETL Proxy, iQT, and Terminator, are occasionally installed. The presence or absence of these applications depends on the tests set to be conducted, while stock iOS applications are nearly always present.

Smartphone on wooden table displaying a text message screen with a playful white ghost emoji sticking out its tongue and a red circular record button in the corner

The Animoji feature is used to test Face ID hardware.

Apple's assembly partners use these specialized UI builds for outgoing quality control, among other things. As such, employees typically test all of the buttons, speakers, ports, and biometric features like Face ID or Touch ID, depending on the model.

Aside from verifying whether Face ID unlocks an iPhone or iPad, the hardware is also tested via the Animoji feature in Messages.

Motion sensors are checked using the Compass, Measure, and Notes apps. With the Notes app, for instance, the employee conducting the test has to type something, then rotate the device to ensure the iOS keyboard switches to landscape mode as needed.

The ambient light sensor is tested by enabling Auto Brightness in the Settings app and covering the sensor to verify whether the screen's brightness level changes.

Two iPhones side by side display a colorful ocean wave photo, while a hand holds the right phone; a camera and remote rest blurred in the background on a white surface

Employees with access to UI builds typically test the Photos app, among other things.

In the Photos app, authorized employees typically view several images and attempt to crop, edit, or use the markup tool on them. Video playback is tested in practically the same way.

If camera-related tests are conducted, they are done for each image sensor on the device. We were told that the test protocol includes taking a photo with and without flash, taking time lapse photos, portrait-mode shots, panoramas, and videos in regular and slow-motion mode.

Assembly partner employees may note, for example, if a particular camera mode, application, or system feature is non-functional. Sometimes, apps and features crash upon launch, do not respond to user input, or are outright missing, and any such flaws get logged and reported.

Are Apple's security measures truly effective?

Though the VendorUI ReleaseType has seldom been documented, it remains in active use. An iOS 26.2 version of the VendorUI variant was spotted and added to the Apple wiki in February 2026.

Devices running these specialized iOS variants do make their way to collectors now and then, via prototypes and development devices. However, this typically happens well after testing is over, often when the corresponding retail units are available for purchase.

In short, Apple's rigorous security standards and leak prevention measures are effective. They make it difficult for assembler-used UI builds to reach the general public, at least while the software and hardware are in active development.