Operating Systems Deep Dive · 6 of 6

iOS — The Sandbox With a Premium Address

iOS shares a kernel and most frameworks with macOS, but lives under far stricter rules: every app is sandboxed, every binary is signed, every install goes through Apple. That tradeoff — less freedom for developers, fewer footguns for users — is why iPhone is the platform people pay for and developers ship to first.

Darwin · XNU · Swift · Sandbox · App Store
Quick Facts

What iOS Is

Basic Concepts

  • Shared core with macOS: Same Darwin (XNU + BSD userland), same Foundation, same Swift compiler. Different UI frameworks and policies.
  • Family of OSes: iOS (iPhone), iPadOS (iPad), watchOS (Watch), tvOS (Apple TV), visionOS (Vision Pro). One toolchain, one language.
  • UI frameworks: UIKit (imperative, since 2007), SwiftUI (declarative, since 2019). Apps in production today usually mix both.
  • App distribution: Through the App Store. Sideloading is restricted — a court-mandated alt-store path exists in some regions but Apple still gates signing.
  • Hardware: ARM64 since the iPhone 5s (2013). Apple's own SoCs (A-series, now the M-series shared with iPad/Mac).
Architecture

The Layers

| Layer | What It Does |
|---|---|
| XNU kernel | Same Mach + BSD hybrid as macOS. Process scheduling, memory, syscalls. |
| Core OS | Bionic-style libc, dyld linker, security daemons, kernel extensions. |
| Core Services | Foundation, Core Data, CloudKit, Network framework, Grand Central Dispatch. |
| Media | Core Animation, Core Graphics, Metal, AVFoundation. |
| Cocoa Touch | UIKit — the touch-first app framework. SwiftUI sits beside it. |
| Apps | Sandboxed, signed, distributed via Apple. |

Security Model

Why Malware Is Rare

Mandatory Code Signing

The kernel will not execute unsigned code. Every binary — app, framework, dylib — must be signed by an Apple-issued certificate. This blocks an entire class of attacks where malware drops a payload to disk and runs it.

App Sandbox

Every app runs as its own user with access only to its container directory. To touch the camera, microphone, photos, contacts, or location, the app must declare an entitlement and the user must approve a runtime prompt. Background access is further gated.

Secure Enclave

A separate coprocessor with its own OS (sepOS), holding biometric data, keychain keys, and Apple Pay tokens. Even a fully-rooted main OS can't extract secrets from it. Face ID / Touch ID data never leaves the enclave.

App Review

Every submission is reviewed before reaching the store. Inconsistent in practice, but it filters obvious malware and policy violations. Combined with kill-switch revocation, Apple can yank a malicious app from every device in hours.

Developer Stack

What You Build With

| Tool / Framework | Role |
|---|---|
| Swift | The modern primary language. Strongly typed, ARC-managed, value-type-friendly. |
| Objective-C | Legacy but still pervasive — UIKit's history is here. Bridges seamlessly with Swift. |
| Xcode | The only supported IDE. Includes simulators, Instruments, code signing, App Store submission. |
| SwiftUI | Declarative UI shared across iOS, macOS, watchOS, tvOS, visionOS. |
| UIKit | Imperative UI framework. Still used heavily for complex apps and animations. |
| TestFlight | Beta-distribution service for staged rollouts. |
| CloudKit | Apple-hosted backend for storing user data without running servers. |

App Lifecycle

How Apps Behave

  • Foreground / background / suspended. The OS suspends apps quickly when backgrounded. Memory is reclaimed under pressure.
  • Background modes are explicit. Audio, location, VoIP, BLE, Push — each requires a declared capability.
  • Push notifications wake apps briefly via APNs. There is no equivalent to Android's freeform background services.
  • Background tasks are scheduled by the system and run when battery and network conditions permit.
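
An added example, not from the original page: a reviewer's audit of the declarations described under App Sandbox and App Lifecycle, reading an app's Info.plist with Python's plistlib. It assumes the declarations appear as Apple's purpose-string keys and the UIBackgroundModes array; the sample plist and bundle ID are constructed.

```python
import plistlib

# Purpose-string keys for the resources the page lists (assumed mapping).
PURPOSE_KEYS = {
    "camera": ["NSCameraUsageDescription"],
    "microphone": ["NSMicrophoneUsageDescription"],
    "photos": ["NSPhotoLibraryUsageDescription"],
    "contacts": ["NSContactsUsageDescription"],
    "location": ["NSLocationWhenInUseUsageDescription",
                 "NSLocationAlwaysAndWhenInUseUsageDescription"],
}
ALWAYS_KEY = "NSLocationAlwaysAndWhenInUseUsageDescription"

# Constructed sample Info.plist for a hypothetical app.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>NSCameraUsageDescription</key><string>Scan receipts</string>
  <key>NSLocationAlwaysAndWhenInUseUsageDescription</key><string></string>
  <key>UIBackgroundModes</key>
  <array><string>location</string><string>voip</string></array>
</dict></plist>"""


def audit_info_plist(raw: bytes) -> dict:
    """Inventory declared resources and background modes; flag weak spots."""
    info = plistlib.loads(raw)
    declared, findings = set(), []
    for resource, keys in PURPOSE_KEYS.items():
        for key in keys:
            if key not in info:
                continue
            declared.add(resource)
            # The prompt shows this text to the user; empty text hides intent.
            if not str(info[key]).strip():
                findings.append(f"{key}: empty purpose string")
    modes = info.get("UIBackgroundModes", [])
    if isinstance(modes, str):  # tolerate a lone string instead of an array
        modes = [modes]
    if "location" in modes and ALWAYS_KEY not in info:
        findings.append("background location mode without " + ALWAYS_KEY)
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        "resources": sorted(declared),
        "background_modes": sorted(modes),
        "findings": findings,
    }


if __name__ == "__main__":
    print(audit_info_plist(SAMPLE_INFO_PLIST))
```
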
Why It Wins

What iOS Does Better Than Anyone

  • One target, one toolchain. A handful of device sizes, a single OS to support — testing matrix is a fraction of Android's.
  • Long updates. Devices receive major OS upgrades for ~6 years. Your minimum supported version moves predictably.
  • User willingness to pay. Higher ARPU, fewer abandoned carts, better subscription conversion.
  • Hardware-software integration. Apple controls the SoC, the OS, the frameworks — features like ProMotion, Metal, Secure Enclave just work.
Reality Check

Where iOS Struggles

  • Mac required. Xcode is macOS-only. CI for iOS means renting Mac runners.
  • App Review friction. Rejections can derail launches; rules shift; appeals are slow.
  • 30% / 15% commission on App Store sales — the tax that funds the platform and that developers love to dispute.
  • Less openness. No alternative app stores in most regions, sideloading limited, kernel and many frameworks closed.