Protecting Users from Suspicious Software

Apple is committed to providing great experiences that respect customer privacy and security. When joining the Apple Developer Program and accepting the Program License Agreement, developers agree to ensure that their software is safe and secure for their users. They also agree to cooperate with Apple systems, such as the notary service, designed to help protect users from malware (e.g., viruses, trojan horses, backdoors, ransomware, spyware) or malicious, suspicious, or harmful code or components when distributing Developer ID–signed Mac software outside the Mac App Store. The examples below are provided to help clarify some of the behavior that is not permitted for Mac software distributed in this way.

Examples of Suspicious Software

Software with the following qualities may qualify as malware or contain malicious, suspicious, or harmful code or components:

Deceptive.

  • Misrepresents the software’s functionality or misleads the user about the purpose of the software (e.g., the software claims to protect users from malware but has no functionality to do so).
  • Misleads the user about the software’s developer or the origin of the software (e.g., displays a user interface that mimics macOS or another app).
  • Installs additional software components on a user’s system other than those clearly described in advertising, user interface, or documentation.
  • Makes misleading claims about the software or the status of a user’s system (e.g., “Your Mac is infected”).
  • Consumes system resources like disk space, network bandwidth, or CPU or GPU cycles (e.g., a hidden cryptographic currency miner) without the user’s consent.

Difficult or costly to remove.

  • Actively or passively frustrates user attempts to close or remove the software (e.g., provides false warnings regarding effects of closing or removing the software).
  • Charges fees to a user to remove the software.
  • Displays ads to a user that are difficult to close or that are displayed outside the software itself.

Degrades security or privacy.

  • Enables any party to control the system without the user’s consent.
  • Enables distribution of other malicious, suspicious, or harmful software.
  • Reconfigures the system or other software without user transparency or consent, including but not limited to: changing DNS settings, creating network proxies or firewall rules, changing browser settings, installing custom CA certificates, or intercepting, redirecting, or modifying the user’s web browsing or any other network connections.
  • Collects or transmits private or sensitive data without a user’s knowledge or in a manner contrary to the stated purpose of the software (e.g., sends user documents to a server, monitors keystrokes, tracks a user’s browsing without prior consent).
  • Controls or interferes with a user’s experience outside of the use of the software, such as by forcing a user to approve a system dialog, change a setting or by prohibiting a user from accessing other software.
  • Directs users to lower the security of their system.

Additional Details

If you believe you have encountered malicious, suspicious, or harmful software for Apple platforms, please notify Product Security.