Chapter 11: Batten the Hatches with Security Services
iOS is likely the first platform that most developers encounter that employs a true least-privilege security model. Most modern operating systems employ some kind of privilege separation, allowing different processes to run with different permissions, but this is almost always used in a very coarse way. Most applications on Unix, OS X, and Windows run as either the current user or a superuser, either of which can do nearly anything. Attempts to segment this further, whether with Security-Enhanced Linux (SELinux) or Windows User Account Control (UAC), have generally led to developer revolt. The most common questions about SELinux are not how best to develop for it, but how to turn it off.
Coming from these backgrounds, developers tend to be shocked when encountering the iOS security model. Rather than ensuring maximal flexibility, Apple’s approach has been to give developers the fewest privileges it can and see what software developers are incapable of making with those privileges. Then Apple provides the least additional privileges that allow the kinds of software it wants for the platform. This can be very restrictive on developers, but it has also kept iOS quite stable and free of malware. Apple is unlikely to change its stance on this, so understanding and dealing with the security model is critical to iOS development.
This chapter shows the way around the iOS security model, dives into the numerous security services that iOS offers, ...