iOS apps on macOS : less secure ?

I am trying to understand the mechanics of how iOS/iPadOS apps work on macs with Apple Silicon.

In particular, I'd like to understand the runtime environment of these apps.

I installed one to test it on a mac. I ran codesign --entitlements on a mac, on an iOS app downloaded form the mac app store.

I was very surprised to see the sandbox entitement was NOT present.

On iOS all apps are sandboxed, so I was very surprised to see that the macOS translation was not sandbox. This seems like a significant weakening of the security.

Can anyone shed some light on that?

On iOS all apps are sandboxed

Correct.

I was very surprised to see that the macOS translation was not sandbox.

You’ve misunderstood how these parts fit together. Let me see if I can clarify that.

Apple platforms have a sandboxing technology that’s very generic. One instance of that technology is the App Sandbox on macOS. However, the underlying technology is used in a variety of other circumstances. For example, most macOS daemons run in a custom sandbox that uses the same underlying technology.

On iOS, all apps run in a default sandbox. That sandbox is another incarnation of the same underlying sandbox technology. Architecturally, it’s a peer of the Mac’s App Sandbox.

When you run an iOS app on the Mac, you’re running the same executable as you run on iOS. The installation process doesn’t need to apply the macOS App Sandbox entitlement to your app because:

  1. macOS recognises your app as an iOS app running on the Mac.

  2. And applies an iOS-style sandbox automatically.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

iOS apps on macOS : less secure ?
 
 
Q