People appreciate the security of macOS and expect their apps to be equally secure. When you take advantage of system-provided security technologies, you can securely store information locally, authorize a user for specific operations, and transport information across a network.

Avoid relying solely on passwords for authentication. Take advantage of other technologies like Touch ID, which lets the user authenticate with their fingerprint. For developer guidance, see LocalAuthentication.

Store sensitive information in a keychain. A keychain provides a secure, predictable user experience when handling a user’s private information. For developer guidance, see Keychain Services.

Never store passwords or other secure content in plain-text files. Even if you restrict access using file permissions, sensitive information is much safer in a keychain.

Make assumptions wisely. For example, don’t assume that only one user is logged in. Because of fast user switching, multiple users may be active on the same system.

Avoid inventing custom authentication schemes. If your app requires authentication, use the system-provided authorization APIs. For related guidance, see Authentication.

Factor out code that requires privileged access into a separate process. Factoring isolates the secure code from the nonsecure code and makes it easier to verify that no rogue operations are occurring that could do damage, whether intentionally or unintentionally.

Be wary of loaded and privileged code. In particular, avoid loading privileged code plug-ins, which adopt the privileges of their parent process. Avoid calling potentially dangerous functions, like system or popen, from loaded or privileged code.
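The following is an added example, not code from Apple's guidance. It contrasts a helper launched through system with the same helper launched through posix_spawn, which passes untrusted input as a single argument that no shell parses. The function names, the /bin/echo helper, and the input string are assumptions made for illustration.

```c
/* Added example, not Apple's code. Helper path and input are constructed. */
#include <errno.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* BEFORE: the untrusted argument is pasted into a string that /bin/sh parses. */
int run_helper_with_system(const char *helper_path, const char *untrusted_arg)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "%s %s", helper_path, untrusted_arg);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    int status = system(cmd);           /* shell metacharacters take effect */
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* AFTER: no shell. The helper is an absolute path fixed by the program and
 * the untrusted value is exactly one argv element. */
int run_helper_no_shell(const char *helper_path, const char *untrusted_arg)
{
    if (!helper_path || helper_path[0] != '/' || !untrusted_arg)
        return -1;                      /* absolute path only: no PATH search */
    if (untrusted_arg[0] == '-')
        return -1;                      /* input must not become an option */

    char *const argv[] = { (char *)helper_path, (char *)untrusted_arg, NULL };
    /* Fixed minimal environment instead of the one inherited from the caller. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };

    pid_t pid;
    if (posix_spawn(&pid, helper_path, NULL, NULL, argv, envp) != 0)
        return -1;

    int status;
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *input = "report.txt; exit 7";   /* constructed sample input */
    printf("system():      %d\n", run_helper_with_system("/bin/echo", input));
    printf("posix_spawn(): %d\n", run_helper_no_shell("/bin/echo", input));
    return 0;
}
```

With the constructed input, the system variant reports the exit status chosen by the input, while the posix_spawn variant reports the helper's own status because the semicolon is only a byte inside one argument.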

For developer guidance, see Security.

Ensuring App Integrity

The user’s Security & Privacy preferences govern the use of downloaded apps. Apps downloaded from the Mac App Store are always approved for use. The user can optionally enable the use of apps created by known developers.

Vend your app from the Mac App Store. Users know that every app in the Mac App Store has been reviewed by Apple and has not been tampered with.

Sign your app with a valid Developer ID if you choose to distribute your app outside of the Mac App Store. This identifies you as an Apple developer and makes sure users can open your app if they choose to do so. For developer guidance, see App Distribution Guide.

Enable app sandboxing to help protect user data. Sandboxing lets your app access what it needs, while limiting access to other system resources and user data. Sandboxing also protects your app from malware. All apps submitted to the Mac App Store require sandboxing. For developer guidance, see App Sandbox Design Guide.