Learning About XPC Services

Recently I started looking at old WWDC sessions and found an interesting concept on the Mac that (sadly) hasn’t made its way to iOS yet: XPC services (for interprocess communication).

An XPC service is a little embedded headless “app” in your main application bundle that can be launched on-demand by the system to perform a single sandboxed task and report back to the main application using the NSXPCConnection APIs in Foundation or the low-level XPC framework.

This provides crash isolation and improved security by only enabling sandbox features that are actually needed, e.g. network client activity or file-system access.

Use Cases

The WWDC sessions provide an interesting use case with an app that downloads and compresses a file at a provided URL. The sample app consists of the sandboxed main app with the primary UI, and it embeds two XPC services: a file downloader service and a compression service. The main app doesn’t need networking entitlements because it only kicks off the downloader service and provides error handling and progress UI. The downloader service doesn’t need any permissions apart from the network client access. And the compressor only needs write access to the file system. You can pass NSFileHandles through XPC connections and therefore can save the compressed file to the intended target location.

Now let’s say the downloader service crashes because of a malicious web service. The main app won’t be affected by this and it can present the error or even auto-retry the download without blocking the UI or crashing. As I mentioned above, security is an important aspect of XPC because exploited services won’t be able to cause as much damage as an unsandboxed application with complete file system and network access.
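The main-app side of that split, sketched with the NSXPCConnection API as an added example (not code from the WWDC sample or from this post): the app holds no network entitlement, asks the downloader service for a file handle, and retries when the service dies before replying. The protocol name, method signature, service bundle identifier and retry count are assumptions.

```swift
import Foundation

// Interface shared by the app and the service (hypothetical name and method).
@objc protocol DownloaderProtocol {
    func download(_ url: URL, reply: @escaping (FileHandle?, Error?) -> Void)
}

// Main-app side. The app is sandboxed without com.apple.security.network.client;
// only the service's entitlements file would carry that key.
final class DownloadClient {
    private let serviceName = "com.example.MyApp.Downloader" // assumed bundle ID
    private var connection: NSXPCConnection?                  // main queue only

    private func liveConnection() -> NSXPCConnection {
        if let existing = connection { return existing }
        let c = NSXPCConnection(serviceName: serviceName)
        c.remoteObjectInterface = NSXPCInterface(with: DownloaderProtocol.self)
        // Service exited or crashed: the connection object stays usable and
        // the system relaunches the service on the next message.
        c.interruptionHandler = { NSLog("downloader service interrupted") }
        // Connection can no longer be used: drop it so the next call rebuilds it.
        c.invalidationHandler = { [weak self] in
            DispatchQueue.main.async { self?.connection = nil }
        }
        c.resume()
        connection = c
        return c
    }

    // Call on the main queue. Exactly one of the error handler or the reply
    // block runs per message, so `completion` fires once.
    func download(_ url: URL, retriesLeft: Int = 2,
                  completion: @escaping (Result<FileHandle, Error>) -> Void) {
        let proxy = liveConnection().remoteObjectProxyWithErrorHandler { error in
            DispatchQueue.main.async {
                // No reply arrived (for example, the service crashed mid-download).
                guard retriesLeft > 0 else { return completion(.failure(error)) }
                self.download(url, retriesLeft: retriesLeft - 1, completion: completion)
            }
        } as? DownloaderProtocol
        guard let downloader = proxy else {
            return completion(.failure(CocoaError(.xpcConnectionInvalid)))
        }
        downloader.download(url) { handle, error in
            DispatchQueue.main.async {
                if let handle = handle { completion(.success(handle)) }
                else { completion(.failure(error ?? CocoaError(.xpcConnectionReplyInvalid))) }
            }
        }
    }
}
```

The service target would export an object conforming to the same protocol from its `NSXPCListener` delegate; everything the reply carries comes from the less-trusted, network-facing process and should be validated before use.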

I just find all of it interesting right now and will see what I can do with this API in the future. The iOS extension system is also based on XPC services, but they are much more focused on pre-defined use cases.

Selected WWDC Sessions