On iOS AIR conforms to the native security model. At the
same time, AIR maintains its own security rules, which are intended
to make it easy for developers to write secure, Internet-connected
applications.
Since AIR applications on iOS use the iOS package format, installation
falls under the iOS security model. The AIR application installer
is not used. Furthermore, a separate AIR runtime is not used on
iOS devices. Every AIR application contains all the code needed
to function.
Important:
Since the runtime code is included as part
of your application, it is not automatically updated when Adobe
releases a new version of AIR. It is your responsibility to update
your application when relevant security updates are published by Adobe.
Application signatures
All application
packages created for the iOS platform must be signed. Since AIR applications
on iOS are packaged in the native iOS IPA format, they are signed
in accordance with iOS requirements rather than AIR requirements.
While iOS and AIR use code signing in a similar fashion, there are
significant differences:
-
On iOS, the certificate used
to sign an application must be issued by Apple; Certificates from
other certificate authorities cannot be used.
-
On iOS, Apple-issued distribution certificates are typically
valid for one year.
