iOS application signing
The overall process by which Apple publishes an iOS app on the App Store is as follows:
- All applications running on an iDevice are signed by Apple
- The developer signs the app and submits it to Apple
- Apple verifies it (performs some rudimentary checks, not a vulnerability assessment of the app)
- If the app meets Apple's requirements, Apple signs the application
- Finally, the app is available on the Apple App Store
Apple's process for checking iOS apps before signing them is not transparent. Case studies show that Apple does not perform a thorough vulnerability assessment of any app. As shown in the following figure, the iOS kernel loads applications signed by Apple: