Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
iOS Security - Hacking iOS Apps
Search
Bruno Rocha
June 11, 2017
Technology
0
17
iOS Security - Hacking iOS Apps
TDC 2017
Bruno Rocha
June 11, 2017
Tweet
Share
More Decks by Bruno Rocha
See All by Bruno Rocha
BuckOutsideValley.pdf
rockbruno
1
100
Avoiding Release Anxiety
rockbruno
0
18
Creating Scalable iOS Apps
rockbruno
0
11
Other Decks in Technology
See All in Technology
Backlog AI アシスタントが切り開く未来
vvatanabe
1
140
Strands Agents & Bedrock AgentCoreを1分でおさらい
minorun365
PRO
8
350
ユーザー課題を愛し抜く――AI時代のPdM価値
kakehashi
PRO
1
120
薬屋のひとりごとにみるトラブルシューティング
tomokusaba
0
360
MCP認可の現在地と自律型エージェント対応に向けた課題 / MCP Authorization Today and Challenges to Support Autonomous Agents
yokawasa
5
2.4k
九州の人に知ってもらいたいGISスポット / gis spot in kyushu 2025
sakaik
0
170
プロダクトエンジニアリングで開発の楽しさを拡張する話
barometrica
0
190
Amazon Inspector コードセキュリティで手軽に実現するシフトレフト
maimyyym
0
120
はじめての転職講座/The Guide of First Career Change
kwappa
5
4.1k
AIに頼りすぎない新人育成術
cuebic9bic
3
310
[OCI Technical Deep Dive] OracleのAI戦略(2025年8月5日開催)
oracle4engineer
PRO
1
180
Rubyの国のPerlMonger
anatofuz
3
740
Featured
See All Featured
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Writing Fast Ruby
sferik
628
62k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
Designing Experiences People Love
moore
142
24k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.4k
What's in a price? How to price your products and services
michaelherold
246
12k
Music & Morning Musume
bryan
46
6.7k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
800
Scaling GitHub
holman
461
140k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
Crypto keys in NSUserDefaults/Keychain Secret API Keys in the Info.plist
or hardcoded CoreData/SQLite with sensitive data var isSubscribed: Bool
NSUserDefaults - Documents folder, not encrypted CoreData - Documents folder,
not encrypted Info.plist - Exposed in your .ipa/.app Keychain - Encrypted, but exploitable NSKeyedArchiver - A plist in hex format
None
None
var isSubscribed: Bool { let subscription = getSubscription() return subscription.isExpired
== false } var swizzled__isSubscribed: Bool { return true }
None
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks • Encrypt/Encode data before saving/
hardcoding (Careful! This will not prevent attacks, only slow them down.) • Treat critical data (like secret API keys) server-side if possible • Open Source “String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation Important logic should be treated/
checked server-side! (eg: API Tokens)
Protecting apps from Runtime Manipulation
Protecting apps from Runtime Manipulation
What about the real world?
rockbruno
vvatanabe
minorun365
kakehashi
tomokusaba
yokawasa
sakaik
barometrica
maimyyym
kwappa
cuebic9bic
oracle4engineer
anatofuz
iamctodd
sferik
morganepeng
moore
mraible
smashingmag
bcantrill
michaelherold
bryan
addyosmani
holman
pedronauck
