iOS Code Signing
Also known as: ios code signing, sign ipa, codesign
iOS code signing cryptographically seals an app with a developer certificate and a provisioning profile so iOS and the App Store can verify its origin and integrity. Unsigned or tampered apps will not launch on a device.
- Every iOS app must be signed with a developer certificate before it can install or launch.
- A provisioning profile binds the App ID, certificate, allowed devices, and entitlements together.
- Any change to a signed binary breaks the signature, and iOS refuses to run it.
What code signing does
Every iOS app must be signed before it can run on a device. Apple's codesign process attaches a digital signature derived from a signing certificate issued through an Apple Developer account, along with an entitlements list and an embedded provisioning profile. iOS validates this signature at install and at every launch, ensuring the binary has not been altered and that it comes from a trusted source.
The signature covers the app's executable and resources via a sealed code signature (stored in the bundle's `_CodeSignature` directory). If even one byte of a signed file changes, the signature breaks and iOS's Gatekeeper-style checks refuse to run it. This is the mechanism behind Apple's closed-platform security model.
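The resource seal described above can be inspected directly. The following is an added example, not code from this page or from Apple: it compares each file in an unpacked app bundle against the SHA-256 (`hash2`) values recorded in `_CodeSignature/CodeResources`, using a constructed sample bundle so it runs offline. It checks the resource seal only, not the executable's CodeDirectory or the certificate chain that iOS also validates.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

SEAL = "_CodeSignature/CodeResources"  # property list holding the resource hashes

def check_sealed_resources(app_dir):
    """Compare files in an unpacked .app against the sealed SHA-256 values.
    Returns {relative_path: "modified" | "missing"}; empty means the seal matches."""
    app = Path(app_dir)
    sealed = plistlib.loads((app / SEAL).read_bytes()).get("files2", {})
    problems = {}
    for rel, entry in sealed.items():
        # Symlinks and nested code use other keys; only plain files carry hash2.
        if not isinstance(entry, dict) or "hash2" not in entry:
            continue
        path = app / rel
        if not path.is_file():
            if not entry.get("optional", False):
                problems[rel] = "missing"
        elif hashlib.sha256(path.read_bytes()).digest() != entry["hash2"]:
            problems[rel] = "modified"
    return problems

def build_sample_bundle(root):
    """Constructed stand-in for an unpacked IPA payload (not a real app)."""
    app = Path(root) / "Sample.app"
    (app / "_CodeSignature").mkdir(parents=True)
    files = {"Assets.car": b"constructed asset bytes",
             "AppIcon60x60@2x.png": b"constructed icon bytes"}
    seal = {}
    for name, data in files.items():
        (app / name).write_bytes(data)
        seal[name] = {"hash2": hashlib.sha256(data).digest()}
    (app / SEAL).write_bytes(plistlib.dumps({"files2": seal}))
    return app

def demo():
    """Check the bundle as built, then again after one byte of a resource changes."""
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample_bundle(tmp)
        before = check_sealed_resources(app)
        (app / "Assets.car").write_bytes(b"Constructed asset bytes")  # 'c' -> 'C'
        return before, check_sealed_resources(app)

if __name__ == "__main__":
    print(demo())
```

A matching seal here does not prove the app is validly signed: the `CodeResources` file is itself hashed into the signed CodeDirectory, which this sketch does not verify.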
Certificates, profiles, and entitlements
Two certificate types exist: Development (for debugging on registered devices) and Distribution (for the App Store, Ad Hoc, or Enterprise). A provisioning profile ties together the App ID, the signing certificate, the allowed devices, and the requested entitlements (such as Push Notifications, iCloud, or App Groups). Xcode's "Automatically manage signing" option handles this for most developers, while manual signing is used for CI and enterprise pipelines.
When an app is exported as an IPA for the App Store, it is re-signed for distribution, and App Store Connect verifies the chain back to Apple's root certificate. Expired certificates or profiles cause the familiar 'Unable to Install' and 'Untrusted Developer' errors on device.
Relevance to apps and storage
Code signing is why iOS apps are sandboxed and trusted: each app, including a storage cleaner like Cleanor, runs only with the entitlements its profile grants, which limits what files it can touch. This sandbox is also why no iOS app can freely scan another app's private storage the way some Android tools can. Cleanor works within the PhotoKit and Files APIs Apple permits to help you find duplicates and large media.