Security on iOS devices

On iOS AIR conforms to the native security model. At the same time, AIR maintains its own security rules, which are intended to make it easy for developers to write secure, Internet-connected applications.

Since AIR applications on iOS use the iOS package format, installation falls under the iOS security model. The AIR application installer is not used. Furthermore, a separate AIR runtime is not used on iOS devices. Every AIR application contains all the code needed to function.

Important: Since the runtime code is included as part of your application, it is not automatically updated when Adobe releases a new version of AIR. It is your responsibility to update your application when relevant security updates are published by Adobe.

Application signatures

All application packages created for the iOS platform must be signed. Since AIR applications on iOS are packaged in the native iOS IPA format, they are signed in accordance with iOS requirements rather than AIR requirements. While iOS and AIR use code signing in a similar fashion, there are significant differences:

  • On iOS, the certificate used to sign an application must be issued by Apple; Certificates from other certificate authorities cannot be used.

  • On iOS, Apple-issued distribution certificates are typically valid for one year.