Restricted App Distribution Model

Third-party app -> Guidelines -> App Store -> End users
Third-party apps have to be reviewed by Apple. The apps that pass the review are signed by Apple.
iOS devices are only allowed to download apps through the App Store.

Sandboxing
App -> MyApp.app, Documents, Library, tmp
Each app has a unique home directory for its files.
Apps are restricted from accessing files stored by other apps or from making changes to the device.

Address Space Layout Randomization
The memory locations of the stack, heap, main executable, and dynamic libraries are randomized.
Lib A, Lib B, Lib C: Memory Layout

Data Execution Prevention
Stack: execution is not permitted. Code: writing is not permitted.
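
The check below is an added example, not part of the original notes: it verifies the policy above (stack not executable, code not writable) by reading the permissions of the process's own memory mappings. It assumes a Linux test host, since iOS does not expose `/proc`; the helper names `perms_of` and `has_perm` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Find the mapping containing address a in /proc/self/maps (Linux only, an
 * assumption of this example) and copy its permission string, e.g. "r-xp",
 * into out. Returns 0 on success, -1 if no mapping contains a. */
int perms_of(uintptr_t a, char out[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], p[5];
    unsigned long lo, hi;
    int rc = -1;

    if (!f)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, p) == 3 && a >= lo && a < hi) {
            strcpy(out, p);
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if the mapping holding a carries the permission flag ('w' or 'x'),
 * 0 if it does not, -1 if the lookup failed. */
int has_perm(uintptr_t a, char flag)
{
    char p[5];
    if (perms_of(a, p) != 0)
        return -1;
    return strchr(p, flag) != NULL;
}

int stack_is_executable(void) { int local = 0; return has_perm((uintptr_t)&local, 'x'); }
int code_is_writable(void)    { return has_perm((uintptr_t)&perms_of, 'w'); }

int main(void)
{
    void *heap = malloc(16);
    printf("stack executable: %d\n", stack_is_executable());
    printf("heap executable:  %d\n", has_perm((uintptr_t)heap, 'x'));
    printf("code writable:    %d\n", code_is_writable());
    free(heap);
    return 0;
}
```

A result of 1 for either the stack or the code check means the binary was built or loaded without the protection, for example with an executable-stack flag.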