Secure features in the Shortcuts app

In the Shortcuts app, shortcuts are optionally synced across Apple devices using iCloud. Shortcuts can also be shared with other users through iCloud. Shortcuts are stored locally in an encrypted format.

Custom shortcuts are versatile—they’re similar to scripts or programs. When downloading shortcuts from the internet, the user is warned that the shortcut hasn’t been reviewed by Apple and is given the opportunity to inspect the shortcut. To protect against malicious shortcuts, updated malware definitions are downloaded to identify malicious shortcuts at runtime.

Custom shortcuts can also run user-specified JavaScript on websites in Safari when invoked from the share sheet. To protect against malicious JavaScript that, for example, tricks the user into running a script on a social media website that harvests their data, the JavaScript is validated against the aforementioned malware definitions. The first time a user runs JavaScript on a domain, the user is prompted to allow shortcuts containing JavaScript to run on the current webpage for that domain.

Download this guide as a PDF

Helpful?

Explore Mac

More from Mac

Explore iPad

More from iPad

Explore iPhone

More from iPhone

Explore Watch

Explore AirPods

More from AirPods

Explore TV & Home

More from TV & Home

Explore Entertainment

Support

Explore Support

Get Help

Helpful Topics

Explore

Quick Links

Secure features in the Shortcuts app