Inside my NEFilterDataProvider, I am retrieving the code signature informations from socketFlow.sourceAppAuditToken (thanks to the good advice of Eskimo).
This takes a little bit of time though. Is it reasonable to cache the sourceAppAuditToken ?
I am thinking of keeping a dictionary that would map the sourceAppAuditToken to their String identifier. Is it reasonable, or is it insecure to do so?
Separately, I have seen that socketFlow.description contains a lot of really useful information, including bundleId, etc.
How is that bundleId computed? (there is an insecure way : just retrieving it from the Info.plist, and a secure way: retrieving it from the code signature). Also, is there a better way to access this information that parsing the socketFlow.description string itself?