This appendix provides secure coding guidelines for software to be bundled with Apple products.
Insecure software can pose a risk to the overall security of users' systems. Security issues can lead to negative publicity and end-user support problems for Apple and third parties.
Your bundled software may use the Internet to communicate with your servers or third-party servers. If so, you should provide clear and concise information to the user about what information is sent or retrieved as well as the reason for it.
Encryption should be used to protect the information while in transit. Servers should be authenticated before any information is transferred: verify the server's certificate chain and that the certificate matches the host name you intended to reach, and never ship a build with certificate checking disabled.
Provide information on how to upgrade to the latest version. Consider implementing a “Check for updates…” feature. Customers expect (and should receive) security fixes that affect the software version they are running.
You should have a way to communicate available security fixes to customers.
Store user-specific information in the home directory, with appropriate file system permissions.
Take special care when dealing with shared data or preferences.
Follow the guidelines about file system permissions set forth in the Third Party Software Submissions document.
Take care to avoid race conditions and information disclosure when using temporary files: create the file with exclusive-create semantics and restrictive permissions in one step, rather than generating a name and opening it later, and do not place it in a world-writable directory if you can avoid it. If possible, use the user-specific temporary file directory.
Do not require or encourage users to be logged in as an admin user to use your application.
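The temporary-file guidance above, as an added example that is not code from this guide: it creates the file with POSIX mkstemp(), which opens with O_CREAT|O_EXCL and mode 0600 in a single step, then verifies what it got, and shows the racy name-then-open pattern beside it for contrast. The choice of $TMPDIR with a fallback to /tmp, the "example." prefix and the function names are assumptions made for this example.

```c
/* Added example (not from the guide): race-free temporary file creation.
 * Assumes a POSIX system; the TMPDIR-then-/tmp rule is an assumption. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* User-specific temporary directory: $TMPDIR if set and absolute, else /tmp.
 * (Assumption for this example: the login session sets TMPDIR per user.) */
static const char *user_tmpdir(void) {
    const char *d = getenv("TMPDIR");
    return (d && d[0] == '/') ? d : "/tmp";
}

/* Build "<dir>/<prefix>XXXXXX"; returns -1 instead of silently truncating. */
static int build_template(char *out, size_t outlen, const char *dir, const char *prefix) {
    int n = snprintf(out, outlen, "%s/%sXXXXXX", dir, prefix);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Create and open the file atomically. mkstemp() picks the random suffix and
 * opens with O_CREAT|O_EXCL, so no other process can pre-create the path or
 * plant a symlink between name generation and creation. path_out receives
 * the name (caller unlinks it). Returns the fd, or -1. */
int secure_tempfile(const char *prefix, char *path_out, size_t path_len) {
    if (build_template(path_out, path_len, user_tmpdir(), prefix) != 0) return -1;
    mode_t old = umask(077);              /* defence in depth: no group/other bits */
    int fd = mkstemp(path_out);
    umask(old);
    if (fd < 0) return -1;
    /* Check the result: regular file, owned by us, 0600, a single hard link. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()
        || (st.st_mode & 07777) != 0600 || st.st_nlink != 1) {
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}

/* The pattern to avoid, shown for contrast: a predictable name (the pid) and
 * open() without O_EXCL. An attacker who creates the path first, or plants a
 * symlink there, has our data written wherever the link points. */
int racy_tempfile(const char *prefix, char *path_out, size_t path_len) {
    int n = snprintf(path_out, path_len, "%s/%s%ld", user_tmpdir(), prefix, (long)getpid());
    if (n < 0 || (size_t)n >= path_len) return -1;
    return open(path_out, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Self-check: truncation is reported, and the secure path yields a usable
 * file carrying the requested prefix. Returns 1 on success. */
int tempfile_selftest(void) {
    char path[512], tiny[4];
    if (build_template(tiny, sizeof tiny, "/tmp", "x") != -1) return 0;
    int fd = secure_tempfile("example.", path, sizeof path);
    if (fd < 0) return 0;
    int ok = strstr(path, "example.") != NULL && write(fd, "data", 4) == 4;
    close(fd);
    unlink(path);
    return ok;
}

int main(void) {
    printf("tempfile self-test: %s\n", tempfile_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The fstat() check after mkstemp() is what makes the function self-verifying: if a platform's mkstemp() ever created the file with a wider mode, or the descriptor turned out not to be a plain file, the caller gets -1 rather than a handle it would go on to trust.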
Educate your developers on how to write secure code to avoid the most common classes of vulnerabilities:
Buffer overflows
Integer overflows
Race conditions
Format string vulnerabilities
Pay special attention to code that:
deals with potentially untrusted data, such as documents or URLs
communicates over the network
handles passwords or other sensitive information
runs with elevated privileges such as root or in the kernel
Use APIs appropriate for the task:
Use APIs that take security into account in their design.
Avoid low-level C code when possible (e.g. use NSString instead of C strings).
Use the security features of Mac OS X to protect user data.
As appropriate for your product, use the following QA techniques to find potential security issues:
Test for invalid and unexpected data, as well as for what is expected (e.g. use of fuzzing tools, unit tests that test for failure)
Static code analysis
Code reviews and audits
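The vulnerability classes and the untrusted-data advice above, together with the QA techniques just listed, as one added example that is not code from this guide: a parser for a small length-prefixed record (a constructed format: a 32-bit little-endian entry count, then per entry a 16-bit length and that many bytes) with the bounds, allocation-size and format-string checks in place, followed by unit tests that expect failure and a small in-process fuzz loop. The record format, MAX_ENTRIES limit, sample bytes and function names are assumptions made for this example.

```c
/* Added example (not from the guide): hardened parsing of untrusted input,
 * negative unit tests, and a fuzz loop. Format and limits are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ENTRIES 1024   /* policy limit, an assumption for this example */

typedef struct { char **items; size_t count; } record_t;

static uint32_t rd_u32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd_u16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

void record_free(record_t *r) {
    for (size_t i = 0; i < r->count; i++) free(r->items[i]);
    free(r->items);
    r->items = NULL;
    r->count = 0;
}

/* Returns 0 on success, -1 on malformed input. Every length taken from the
 * buffer is checked against the bytes actually remaining before it drives an
 * allocation or a copy (buffer overflow), and the entry count is bounded
 * before it is multiplied into an allocation size (integer overflow). */
int record_parse(const uint8_t *buf, size_t len, record_t *out) {
    out->items = NULL;
    out->count = 0;
    if (len < 4) return -1;
    uint32_t n = rd_u32(buf);
    size_t pos = 4;
    /* Each entry needs at least its 2-byte length, so a count larger than
     * (remaining / 2) is a lie; also cap by policy, then rule out overflow. */
    if (n > (len - pos) / 2 || n > MAX_ENTRIES) return -1;
    if (n > SIZE_MAX / sizeof(char *)) return -1;
    out->items = calloc(n + 1, sizeof(char *));   /* n+1: never calloc(0) */
    if (!out->items) return -1;
    for (uint32_t i = 0; i < n; i++) {
        if (len - pos < 2) goto fail;
        uint16_t slen = rd_u16(buf + pos);
        pos += 2;
        if (slen > len - pos) goto fail;           /* would read past buf */
        char *s = malloc((size_t)slen + 1);        /* slen <= 65535: no wrap */
        if (!s) goto fail;
        memcpy(s, buf + pos, slen);
        s[slen] = '\0';
        out->items[i] = s;
        out->count = i + 1;
        pos += slen;
    }
    if (pos != len) goto fail;                     /* trailing garbage */
    return 0;
fail:
    record_free(out);
    return -1;
}

/* Attacker-controlled text must be an argument, never the format string:
 * snprintf(dst, n, name) would let "%x%n" read and write the stack.
 * Returns -1 on truncation instead of failing silently. */
int format_entry(char *dst, size_t n, const char *name) {
    int w = snprintf(dst, n, "entry=%s", name);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Constructed sample: two entries, "alice" and "bob". */
static const uint8_t SAMPLE[] = { 2,0,0,0, 5,0,'a','l','i','c','e', 3,0,'b','o','b' };

int parse_sample_ok(void) {
    record_t r;
    if (record_parse(SAMPLE, sizeof SAMPLE, &r) != 0) return 0;
    int ok = r.count == 2 && strcmp(r.items[0], "alice") == 0 && strcmp(r.items[1], "bob") == 0;
    record_free(&r);
    return ok;
}

/* Unit tests that expect failure: every truncation of the sample, and a
 * count field claiming 4294967295 entries, must be rejected. */
int malformed_rejected(void) {
    record_t r;
    uint8_t hostile[sizeof SAMPLE];
    for (size_t cut = 0; cut < sizeof SAMPLE; cut++)
        if (record_parse(SAMPLE, cut, &r) == 0) { record_free(&r); return 0; }
    memcpy(hostile, SAMPLE, sizeof SAMPLE);
    memset(hostile, 0xff, 4);
    if (record_parse(hostile, sizeof hostile, &r) == 0) { record_free(&r); return 0; }
    return 1;
}

int format_check(void) {
    char small[8];
    return format_entry(small, sizeof small, "%x%n") == -1   /* 11 bytes needed */
        && format_entry(small, sizeof small, "a") == 0
        && strcmp(small, "entry=a") == 0;
}

/* Fuzz loop: alternate between single-bit mutations of the valid sample and
 * fully random inputs. Memory errors surface as crashes under ASan or
 * Valgrind; a clean run returns how many inputs were accepted. */
int fuzz_parser(unsigned seed, int iterations) {
    uint8_t buf[sizeof SAMPLE + 16];
    record_t r;
    int accepted = 0;
    srand(seed);
    for (int it = 0; it < iterations; it++) {
        size_t len;
        if (it % 2 == 0) {
            memcpy(buf, SAMPLE, sizeof SAMPLE);
            len = sizeof SAMPLE;
            buf[(size_t)rand() % len] ^= (uint8_t)(1u << (rand() % 8));
        } else {
            len = (size_t)rand() % sizeof buf;
            for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)rand();
        }
        if (record_parse(buf, len, &r) == 0) { accepted++; record_free(&r); }
    }
    return accepted;
}

int main(void) {
    printf("sample ok=%d malformed rejected=%d format ok=%d fuzz accepted=%d\n",
           parse_sample_ok(), malformed_rejected(), format_check(), fuzz_parser(1, 2000));
    return 0;
}
```

Build with `-fsanitize=address,undefined` (clang or gcc) when running the fuzz loop, so that any out-of-bounds read or integer wrap the checks miss is reported rather than silently tolerated; static analysis (clang's analyzer, for instance) and a code review of the `len - pos` arithmetic complete the picture.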
The other chapters in this document describe best practices for writing secure code, including more information on the topics referenced above.
The Security Overview document contains detailed information on security functionality in Mac OS X that developers can use.
Last updated: 2010-02-12