Apple Platform Security
-
Welcome
-
Introduction
-
-
Services security overview
-
-
Apple Pay overview
-
Apple Pay components
-
Secure Element and NFC controller
-
Payment authorization
-
Transaction-specific dynamic security code
-
Pay with credit and debit cards in stores
-
Pay with credit and debit cards within apps
-
Paying with credit and debit cards on the web
-
Contactless passes
-
Render cards unusable
-
Suspending, removing, and erasing cards
-
Apple Cash
-
Transit cards
-
Credit and debit cards for transit
-
Student ID cards
-
-
Business Chat
-
FaceTime
-
-
-
Developer Kits overview
-
-
HomeKit identity
-
Communication with HomeKit accessories
-
Local data storage
-
Data synchronization between devices and users
-
Home data and apps
-
HomeKit and Siri
-
HomeKit IP cameras
-
HomeKit routers
-
iCloud remote access for HomeKit accessories
-
HomeKit TV Remote accessories
-
Apple TV profiles for HomeKit homes
-
-
CloudKit
-
SiriKit
-
DriverKit
-
Camera and ARKit
-
-
-
Secure device management overview
-
Pairing model
-
Passcode and password settings management
-
Configuration enforcement
-
Mobile device management (MDM)
-
Automated Device Enrollment
-
Apple Configurator 2
-
Device supervision
-
Device restrictions
-
Activation Lock
-
Lost Mode, remote wipe, and remote lock
-
Screen Time
-
-
Glossary
-
Document Revision History
-
Copyright
App security overview
Apps are among the most critical elements of a modern security architecture. While apps provide amazing productivity benefits for users, they also have the potential to negatively impact system security, stability, and user data if they’re not handled properly.
Because of this, Apple provides layers of protection to ensure that apps are free of known malware and haven’t been tampered with. Additional protections enforce that access from apps to user data is carefully mediated. These security controls provide a stable, secure platform for apps, enabling thousands of developers to deliver hundreds of thousands of apps for iOS, iPadOS, and macOS—all without impacting system integrity. And users can access these apps on their Apple devices without undue fear of viruses, malware, or unauthorized attacks.
On iPhone, iPad, and iPod touch, all apps are obtained from the App Store—and all apps are sandboxed—to provide the tightest controls.
On Mac, many apps are obtained from the App Store, but Mac users also download and use apps from the Internet. To safely support Internet downloading, macOS layers additional controls. First, by default on macOS 10.15 or later, all Mac apps need to be notarized by Apple to launch. This requirement ensures that these apps are free of known malware without requiring that the apps be provided through the App Store. In addition, macOS includes industry-standard anti-virus protection to block—and if necessary remove—malware.
As an additional control across platforms, sandboxing helps protect user data from unauthorized access by apps. And in macOS, data in critical areas is itself sandboxed—which ensures—that users remain in control of access to files in Desktop, Documents, Downloads, and other areas from all apps, whether the apps attempting access are themselves sandboxed or not.
Native capability | Third-party equivalent |
|---|---|
Plug-in unapproved list, Safari extension unapproved list | Virus/Malware Definitions |
File quarantine | Virus/Malware Definitions |
XProtect/Yara signatures | Virus/Malware Definitions |
MRT (Malware Removal Tool) | Endpoint protection |
Gatekeeper | Endpoint protection. Enforces code signing on apps to ensure only trusted software runs. |
eficheck (Necessary for Mac computers without an Apple T2 Security chip) | Endpoint protection–rootkit detection |
Application firewall | Endpoint protection–firewalling |
ipfw | Firewall solutions |
System Integrity Protection | Only Apple can provide this |
Mandatory Access Controls | Only Apple can provide this |
KEXT exclude list | Only Apple can provide this |
Mandatory app code signing | Only Apple can provide this |
App notarization | Only Apple can provide this |