# Security

# Downloading Install Media

Alectrona Patch is designed to obtain install media directly from the vendor. This means that when installing/updating a software title, the publicly available install media is cached on a client directly from the vendor, and then installed.

The network connections initiated by Alectrona Patch rely on Apple's App Transport Security (ATS) feature. ATS requires that network connections are secured by the Transport Layer Security (TLS) protocol using reliable certificates and ciphers. ATS blocks connections that don’t meet minimum security requirements. More information about ATS can be found below.

Apple Developer - Preventing Insecure Network Connections (opens new window)

# Validating Install Media

Prior to installation, Alectrona Patch will perform security validations to ensure the software being installed is what you expect.

  • When installing a package file (.pkg/.mpkg) Alectrona Patch will check the signature/certificates used when signing the package to ensure it matches what we expect.
  • When installing an application (.app) inside a compressed container (.dmg/.zip etc.) Alectrona Patch will extract the application from its original container, then validate the Code Signing Requirement (opens new window) of the application. This is the same requirement that you'd use when creating a PPPC profile using your MDM.

If the security validations fail for any reason, the software is not installed.

# Client-Side Data Security

Alectrona Patch does not capture/record/track any sensitive information about your Macs. The client-side data leveraged during the installation of software is as follows:

  • The UDID (Unique Device Identifier), which is like the Social Security Number of a Mac, is sent in a request to our Patch API along with your Alectrona Patch license key in order to grant your Mac access to our Patch Catalog. The UDID is simply used to identify unique Macs using the same license key for billing purposes.
  • The architecture type of a Mac (Intel/Apple Silicon) is also sent in the request in order provide builds of software that match the architecture of the Mac making the request.

Have more questions?

Additional details covering Alectrona Patch's security are available upon request.