Secure IPC between Apps of same App-Group

Hi, I am looking for a secure IPC between 2 apps in the same App group. Both the apps will be sandboxed. I am planning to have one "UI" app and a service App that serves the UI app. I want the communication between the apps to be secure. In this context secure means that even the user/Admin/root of the Mac cannot snoop the actual messages.

  • I have looked at XPC as an option. But my understanding is that the messages are not encrypted and so the local user can snoop the messages using tools like XPoCe and XPCspy. Please correct me if I am wrong.

http://newosxbook.com/tools/XPoCe2.html https://github.com/hot3eed/xpcspy

  • Another option I was thinking of was using sockets/REST/gRPC over TCP ports and encrypting the messages. Encrypting requires certificates. So can I store private keys in the Keychain or the App-Group folder? This private cert stored in the Keychain should not be extractable by the Admin/root of the Mac either. Please let me know if this is possible.

Thanks a lot for your help.

Answered by DTS Engineer in 679735022

Are you sandboxing because it’s the right thing to do? Or sandboxing because you intend to deploy via the Mac App Store?

This matters because it significantly impacts your IPC choices.


But my understanding is that the messages are not encrypted and so the local user can snoop the messages

I’m not going to go into the mechanics of this but I want to be clear that the Mac is an open platform and that means that there’s no guaranteed way to protect your communication. Let’s say you encrypt your IPC. There’s nothing stopping an admin user from disassembling your app to extract the encryption keys (or to figure out where your app stored the encryption keys).

What you’re trying to do here is implement a DRM scheme: You want to give the user some content but ensure that they only use it in a specific way. DRM schemes are never perfect and they always come with drawbacks. Moreover, the better you try to make them the worse these drawbacks become. For more background on this, see this post and the thread that it links to.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"


Thanks Eskimo!

My app is a Developer-ID signed Network Extension App and so will require the sandboxing from what I understand. Thanks for pointing me in the right direction. Will try out XPC.

My app is a Developer-ID signed Network Extension App and so will require the sandboxing from what I understand.

Yes.

Will try out XPC.

Cool. Note that we’ve recently shipped a number of updates to the XPC C API that help with this problem. See Validating Signature Of XPC Process for the details.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
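As an added example (not code from this thread or from Apple), here is one way to apply the XPC peer code-signing check that the reply above points at, written in Swift against the XPC C API: the service only accepts connections from a peer signed with the same Team ID, and the UI app only talks to a service that meets the same requirement, which stops another local app from impersonating either side. The Mach service name and Team ID below are placeholders, and this check establishes who is on the other end of the connection, not confidentiality of the messages from an admin.

```swift
import Foundation
import XPC

// Constructed values: replace with your Mach service name and your Team ID.
let serviceName = "com.example.app-group.service"  // placeholder service name
let teamID = "TEAMID0000"                           // placeholder, not a real Team ID

// Requirement the *other* process must satisfy: an Apple-issued signing chain
// plus our own Team ID, so only apps signed by this team pass.
let peerRequirement = "anchor apple generic and certificate leaf[subject.OU] = \"\(teamID)\""

/// Service side: listen and accept only peers whose code signature meets the requirement.
func startService() -> xpc_connection_t {
    let listener = xpc_connection_create_mach_service(
        serviceName, nil, UInt64(XPC_CONNECTION_MACH_SERVICE_LISTENER))
    // Set on the listener, the requirement is applied to every incoming peer;
    // a client that fails it is rejected before we see any of its messages.
    precondition(xpc_connection_set_peer_code_signing_requirement(listener, peerRequirement) == 0,
                 "malformed code signing requirement")
    xpc_connection_set_event_handler(listener) { peer in
        guard xpc_get_type(peer) == XPC_TYPE_CONNECTION else { return }  // listener errors
        xpc_connection_set_event_handler(peer) { message in
            guard xpc_get_type(message) == XPC_TYPE_DICTIONARY,
                  let reply = xpc_dictionary_create_reply(message) else { return }
            let request = xpc_dictionary_get_string(message, "request").map { String(cString: $0) } ?? ""
            xpc_dictionary_set_string(reply, "result", "handled: \(request)")
            xpc_connection_send_message(peer, reply)
        }
        xpc_connection_resume(peer)
    }
    xpc_connection_resume(listener)
    return listener
}

/// UI side: connect and require that the service also meets the requirement,
/// so the UI app cannot be steered to an impostor registered under the same name.
func callService(_ request: String) -> String? {
    let conn = xpc_connection_create_mach_service(serviceName, nil, 0)
    precondition(xpc_connection_set_peer_code_signing_requirement(conn, peerRequirement) == 0,
                 "malformed code signing requirement")
    xpc_connection_set_event_handler(conn) { _ in }  // connection errors arrive here
    xpc_connection_resume(conn)
    let message = xpc_dictionary_create(nil, nil, 0)
    xpc_dictionary_set_string(message, "request", request)
    let reply = xpc_connection_send_message_with_reply_sync(conn, message)
    // A peer that fails the requirement yields an XPC_TYPE_ERROR reply, not a dictionary.
    guard xpc_get_type(reply) == XPC_TYPE_DICTIONARY,
          let result = xpc_dictionary_get_string(reply, "result") else { return nil }
    return String(cString: result)
}
```

Both processes must be signed with the Team ID in the requirement string, and the service side needs a launchd job or login item that registers the Mach service name.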
