Security and privacy
Since HomeKit may become instrumental for controlling and securing homes, security and privacy are core to the system. From a user standpoint, the creator of a ‘home’ becomes the admin and can perform all operations, including adding guests (such as family members). Guests must have their own iOS device, and an Apple ID with an iCloud account that matches the one provided by the admin. These users cannot modify layouts, but can make more basic changes and execute actions.
In terms of accessories, Apple’s ensured there’s secure pairing and end-to-end encryption between them and your iOS devices. HomeKit- compatible products must be approved by Apple and part of the Made for iPhone (MFi) program. Bridged products must also be MFi-approved, and may have restrictions placed on them: for example, the likes of non-HomeKit door locks will reportedly be blocked entirely.
Apple rules are similarly strict regarding apps used to control HomeKit accessories. Any in use must run in the foreground, excepting triggers approved by a user. It’s explicitly forbidden for apps to gather and store information about your home and its accessories. And apps must be focussed on home automation, ensuring not just any app can access HomeKit data.