Hardened Runtime
A macOS security feature that protects an app from code injection, dylib hijacking, and memory tampering at runtime. Required for notarization.
Hardened Runtime is a security hardening mechanism for macOS apps that restricts potentially dangerous runtime behaviors. When enabled, the system prevents your app from loading arbitrary libraries and executing writable memory, and prevents other processes from modifying it.
What Hardened Runtime Protects Against
- Loading unsigned or ad-hoc signed dynamic libraries
- Executing writable memory (JIT compilation without explicit entitlement)
- DYLD environment variable injection
- Task port access by other processes
- Debugger attachment (without explicit entitlement)
Enabling Hardened Runtime
In Xcode:
- Select your app target
- Go to Signing & Capabilities
- Click "+" and add "Hardened Runtime"
The capability adds the --options runtime flag to the code signing process.
Runtime Exceptions
Some apps need specific exceptions to function. Each exception is an entitlement:
- com.apple.security.cs.allow-unsigned-executable-memory - for JIT compilation
- com.apple.security.cs.allow-dyld-environment-variables - for plugin loading
- com.apple.security.cs.disable-library-validation - for loading third-party frameworks
Minimize exceptions. Each one reduces security and may trigger additional scrutiny during notarization review.
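To keep exceptions visible in review, a build can be audited before submission. The following is an added example, not code from the original page: it checks code-signing details for the runtime flag and lists which of the three exceptions above are set to true in an entitlements plist. The sample inputs are constructed, modeled on what codesign -dv and codesign -d --entitlements print, and the function names are assumptions for illustration.

```python
import plistlib
import re

# Exception entitlements named on this page, with the purpose the page gives.
EXCEPTIONS = {
    "com.apple.security.cs.allow-unsigned-executable-memory": "JIT compilation",
    "com.apple.security.cs.allow-dyld-environment-variables": "plugin loading",
    "com.apple.security.cs.disable-library-validation": "loading third-party frameworks",
}

def has_hardened_runtime(codesign_info: str) -> bool:
    """True if the CodeDirectory flags list contains 'runtime'."""
    m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", codesign_info)
    return bool(m) and "runtime" in m.group(1).split(",")

def enabled_exceptions(entitlements_xml: bytes) -> dict:
    """Return {entitlement: purpose} for exceptions set to true (false keys are ignored)."""
    ents = plistlib.loads(entitlements_xml)
    return {k: v for k, v in EXCEPTIONS.items() if ents.get(k) is True}

def audit(codesign_info: str, entitlements_xml: bytes) -> list:
    findings = []
    if not has_hardened_runtime(codesign_info):
        findings.append("Hardened Runtime not enabled (no 'runtime' flag)")
    for key, purpose in enabled_exceptions(entitlements_xml).items():
        findings.append(f"exception enabled: {key} ({purpose})")
    return findings

# Constructed sample inputs (hypothetical app, not from the original page).
SAMPLE_INFO = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
"""
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
  <key>com.apple.security.app-sandbox</key><true/>
</dict></plist>
"""

if __name__ == "__main__":
    for line in audit(SAMPLE_INFO, SAMPLE_ENTITLEMENTS):
        print(line)
```

An empty result from audit means the runtime flag is present and none of the three exceptions is enabled.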
Hardened Runtime and Notarization
Hardened Runtime is a prerequisite for notarization. If you submit an app for notarization without Hardened Runtime enabled, the submission will be rejected. Enable it before your first notarization attempt.