Security

People appreciate the security of macOS and expect their apps to be equally secure. When you take advantage of system-provided security technologies, you can securely store information locally, authorize a user for specific operations, and transport information across a network.

Avoid relying solely on passwords for authentication. Take advantage of other technologies like Touch ID, which lets users authenticate with a fingerprint. For developer guidance, see LocalAuthentication.

Store sensitive information in a keychain. A keychain provides a secure, predictable user experience when handling someone’s private information. For developer guidance, see Keychain Services.

Never store passwords or other secure content in plain-text files. Even if you restrict access using file permissions, sensitive information is much safer in an encrypted keychain.

Make assumptions wisely. For example, don’t assume that only one user is logged in. Because of fast user switching, multiple users may be active on the same system.

Avoid inventing custom authentication schemes. If your app requires authentication, use the system-provided authorization APIs. For related guidance, see Authentication.

Factor out code that requires privileged access into a separate process. Factoring isolates secure code from nonsecure code and makes it easier to verify that no damaging rogue operations are occurring, whether intentional or not.

Be wary of loaded and privileged code. In particular, avoid loading privileged code plug-ins, which adopt the privileges of their parent process. Avoid calling potentially dangerous functions, like system or popen from loaded or privileged code.

For developer guidance, see Security.

Ensuring App Integrity

The user’s Security & Privacy preferences govern the use of downloaded apps. Apps downloaded from the Mac App Store are always approved for use. The user can optionally turn on the usage of apps created by known developers.

Vend your app from the Mac App Store. Users know that every app in the store has been reviewed by Apple and has not been tampered with.

Sign your app with a valid Developer ID. If you choose to distribute your app outside the store, signing your app with Developer ID identifies you as an Apple developer and confirms that your app is safe to use. For developer guidance, see Xcode Help.

Protect user data with app sandboxing. Sandboxing provides your app with access to system resources and user data while protecting it from malware. All apps submitted to the Mac App Store require sandboxing. For developer guidance, see App Sandbox Design Guide.