Security Model
How Function guarantees code safety and security.
Function works by sending compiled binaries to end users’ devices. As such, Function is carefully designed to minimize any attack surface that exists in downloading and executing software binaries.
Code Provenance
Function works by lowering Python code to native code that is then compiled. This process involves reimplementing Python operations natively. These native implementations are written and maintained by us, and are rigorously tested to ensure correctness and memory safety.
This means that regardless of what the original Python code does, the resulting compiled binary will only ever contain code, written, reviewed, and tested by us.
Prohibited Python APIs
Prohibited Python APIs
Python code that uses the following sensitive or dangerous APIs will fail to compile:
- File system access.
- Hardware access (e.g. camera, microphone).
This list is not exhaustive.
Code Signing
When we compile native binaries, we perform code signing for platforms that support it:
Android
Android
Android does not support code-signing on individual native binaries. Instead, apps which contain these binaries are code-signed for Play Store distribution.
iOS
iOS
Binaries are code signed.
Linux
Linux
Code signing is not supported by Linux.
macOS
macOS
Binaries are code signed. At runtime, code-signing is verified with SecStaticCodeCheckValidity
before the predictor is loaded.
Current Function SDKs do not perform signature verification at runtime. We will add signature verification in upcoming updates.
visionOS
visionOS
Binaries are code signed.
Web
Web
Code signing is not supported by WebAssembly.
Windows
Windows
While not yet supported, binaries will be code signed. At runtime, code-signing is verified with WinVerifyTrust.
We are working on code-signing all Windows binaries.
Code Sandboxing
On Android, iOS, macOS (App Store), and visionOS, there are strict sandboxing restrictions that prohibit downloading and executing code at runtime. As a result, Function client SDKs for Android, Swift, React Native, and Unity Engine allow you to embed predictors into the app bundle at build time:
Function for Android
Function for Android
Use the ai.fxn.fxn-gradle Gradle
plugin in your build.gradle or build.gradle.kts file like so:
Make sure to add a FunctionEmbed entry for every predictor your app uses.
Function for React Native
Function for React Native
Coming soon.
Function for Swift
Function for Swift
Coming soon.
Function for Unity
Function for Unity
Embed predictors by adding the Function.EmbedAttribute attribute to any class or struct in your project code:
When building your Unity app, the Function SDK will fetch and embed predictors using the Function access key in your project settings.
The Function.EmbedAttribute attribute can accept multiple predictor tags.
If you use a custom proxy URL with custom authentication, you can instead apply
the attribute to a static property that returns your authenticated Function client:
With predictor embedding, all prediction code will be present for code review and signing when the application is archived for distribution (e.g. on the App Store or Play Store).
Data Collection
At runtime, end user devices will make web requests to the Function API to retrieve a predictor; and to report telemetry data. Below is the data that the Function SDK transmits from user devices to the Function API:
Processor Identifier
Processor Identifier
Because Function is designed to hyper-target hardware, the Function client SDKs report metadata including:
- Operating system (e.g.
ios). - Processor architecture (e.g.
arm64). - CPU instruction sets (e.g.
avx512-vnni). - GPU compute capability (e.g. Nvidia
sm_90).
The Function SDK never reports any user-identifying information.
Configuration Identifier
Configuration Identifier
This is a unique, random string identifying the Function client SDK on the current device.
Prediction Telemetry
Prediction Telemetry
The Function client SDKs report performance statistics for predictions run on the current device. This is used to search for optimal predictor implementations for a given device.