{
	"id": "3c7671fa-c010-4a4e-bf2d-1fff8926d594",
	"created_at": "2026-04-06T00:18:52.282071Z",
	"updated_at": "2026-04-10T03:21:41.342005Z",
	"deleted_at": null,
	"sha1_hash": "ae4f669d042aa790c5ebebeabfe181b9d1343f40",
	"title": "App security overview",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38132,
	"plain_text": "App security overview\r\nArchived: 2026-04-05 18:45:38 UTC\r\nToday, apps are among the most critical elements of a security architecture. Even as apps provide productivity\r\nbenefits for users, they also have the potential to negatively impact system security, stability, and user data if\r\nthey’re not handled properly.\r\nBecause of this, Apple provides layers of protection to help ensure that apps are free of known malware and\r\nhaven’t been tampered with. Additional protections enforce that access from apps to user data is carefully\r\nmediated. These security controls provide a stable, secure platform for apps, enabling thousands of developers to\r\ndeliver hundreds of thousands of apps for iOS, iPadOS, macOS, tvOS, visionOS, and watchOS—all without\r\nimpacting system integrity. And users can access these apps on their Apple devices without undue fear of viruses,\r\nmalware, or unauthorized attacks.\r\nOn iPad and iPhone, the design principle focuses on centralized distribution, code signing, and strict sandboxing\r\nto provide the tightest controls. To reflect the Digital Market Act’s requirements, users in the European Union\r\n(EU) can install apps from alternative app marketplaces and directly from an authorized developer’s website,\r\nwhich introduces additional risks. Apple introduced protections, including (but not limited to):\r\nNotarization for apps\r\nAn authorization for marketplace developers\r\nDisclosures on alternative payments\r\nInstall confirmations that provide the user Apple-verified information about the app\r\nThese help to reduce risks and deliver the best, most secure experience possible for users in the EU. Even with\r\nthese safeguards in place, many risks remain including a greater prevalence of malware, fraud and scams, illicit\r\nand harmful content, and other privacy and security threats. For more information, see Update on apps distributed\r\nin the European Union on the Apple Developer website.\r\nOn Mac, many apps are obtained from the App Store, but Mac users also download and use apps from the internet.\r\nTo safely support internet downloading, macOS layers additional controls. First, by default in macOS 10.15 or\r\nlater, all Mac apps need to be notarized by Apple to launch. This requirement helps ensure that these apps are free\r\nof known malware, without requiring that the apps be provided through the App Store. Second, macOS includes\r\nstate-of-the-art antivirus protection to block—and if necessary remove—malware.\r\nAs an additional control across platforms, sandboxing helps protect user data from unauthorized access by apps.\r\nAnd in macOS, data in critical areas is itself protected—which helps ensure that users remain in control of access\r\nhttps://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1\r\nPage 1 of 3\n\nto files in Desktop, Documents, Downloads, and other areas from all apps, whether the apps attempting access are\r\nthemselves sandboxed or not.\r\nNative capability Third-party equivalent\r\nApp notarization Built into macOS\r\nKext exclude list Built into macOS\r\nMandatory Access Controls Built into macOS\r\nMandatory app code signing Built into macOS\r\nSystem Integrity Protection Built into macOS\r\nGatekeeper\r\nEndpoint protection; enforces code signing on apps to help\r\nensure that only trusted software runs\r\nApplication firewall Endpoint protection; firewalling\r\neficheck\r\n(Necessary for a Mac without an Apple\r\nT2 Security Chip)\r\nEndpoint protection; rootkit detection\r\nPacket Filter (pf) Firewall solutions\r\nFile Quarantine Virus/Malware definitions\r\nPlug-in unapproved list, Safari extension\r\nunapproved list\r\nVirus/Malware definitions\r\nhttps://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1\r\nPage 2 of 3\n\nNative capability Third-party equivalent\r\nXProtect/YARA signatures Virus/Malware definitions; endpoint protection\r\nPlease don’t include any personal information in your comment.\r\nMaximum character limit is 250.\r\nThanks for your feedback.\r\nSource: https://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1\r\nhttps://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1"
	],
	"report_names": [
		"1"
	],
	"threat_actors": [],
	"ts_created_at": 1775434732,
	"ts_updated_at": 1775791301,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ae4f669d042aa790c5ebebeabfe181b9d1343f40.pdf",
		"text": "https://archive.orkl.eu/ae4f669d042aa790c5ebebeabfe181b9d1343f40.txt",
		"img": "https://archive.orkl.eu/ae4f669d042aa790c5ebebeabfe181b9d1343f40.jpg"
	}
}