
Third-Party Software Security Guidelines

This appendix provides secure coding guidelines for software to be bundled with Apple products.

Insecure software can pose a risk to the overall security of users' systems. Security issues can lead to negative publicity and end-user support problems for Apple and third parties.

Respect Users' Privacy

Your bundled software may use the Internet to communicate with your servers or third-party servers. If so, you should give the user clear and concise information about what is sent or retrieved and why.

Encryption should be used to protect the information while in transit. Servers should be authenticated before transferring information.

Provide Upgrade Information

Provide information on how to upgrade to the latest version. Consider implementing a “Check for updates…” feature. Customers expect (and should receive) security fixes that affect the software version they are running.

You should have a way to communicate available security fixes to customers.

Store Information in Appropriate Places

Store user-specific information in the home directory, with appropriate file system permissions.

Take special care when dealing with shared data or preferences.

Follow the guidelines about file system permissions set forth in the Third Party Software Submissions document.

Take care to avoid race conditions and information disclosure when using temporary files. If possible, use the user-specific temporary file directory.
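The following sketch shows one way to apply the temporary-file advice in C. It is an added example, not code from Apple's documentation; the helper names `user_temp_dir` and `open_private_temp` and the `example.XXXXXX` template are hypothetical. It assumes `confstr(_CS_DARWIN_USER_TEMP_DIR)` is available on Mac OS X and falls back to `$TMPDIR`, then `/tmp`, on other systems.

```c
#define _DEFAULT_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Per-user temp directory: confstr() on Mac OS X; elsewhere $TMPDIR,
 * then /tmp (the fallback order is an assumption of this example). */
static int user_temp_dir(char *buf, size_t len) {
#ifdef _CS_DARWIN_USER_TEMP_DIR
    size_t n = confstr(_CS_DARWIN_USER_TEMP_DIR, buf, len);
    if (n > 0 && n <= len) return 0;
#endif
    const char *env = getenv("TMPDIR");
    if (env == NULL || env[0] == '\0') env = "/tmp";
    if (strlen(env) >= len) return -1;
    strcpy(buf, env);
    return 0;
}

/* Create a private scratch file; returns an open fd or -1.
 * path_out receives the generated name so the caller can unlink() it. */
int open_private_temp(char *path_out, size_t len) {
    char dir[PATH_MAX];
    struct stat st;
    if (user_temp_dir(dir, sizeof dir) != 0) return -1;
    int n = snprintf(path_out, len, "%s/example.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return -1;
    mode_t old = umask(077);      /* no group/other access, even briefly */
    int fd = mkstemp(path_out);   /* unpredictable name, atomic exclusive create */
    umask(old);
    if (fd < 0) return -1;
    /* Verify through the descriptor, not the path, so a swapped name cannot fool us. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
        st.st_nlink != 1 || (st.st_mode & 077) != 0) {
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}

int main(void) {
    char path[PATH_MAX];
    int fd = open_private_temp(path, sizeof path);
    if (fd < 0) return 1;
    close(fd);
    return unlink(path) == 0 ? 0 : 1;
}
```

Creating the file with `mkstemp` instead of choosing a name and then opening it closes the race window, and the restrictive mode keeps other local users from reading the contents.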

Avoid Requiring Elevated Privileges

Do not require or encourage users to be logged in as an admin user to use your application.

Implement Secure Development Practices

Educate your developers on how to write secure code to avoid the most common classes of vulnerabilities:

Pay special attention to code that:

Use APIs appropriate for the task:

Test for Security

As appropriate for your product, use the following QA techniques to find potential security issues:

Helpful Resources

The other chapters in this document describe best practices for writing secure code, including more information on the topics referenced above.

The Security Overview document contains detailed information on security functionality in Mac OS X that developers can use.




Last updated: 2010-02-12
