iOS Security - Hacking iOS Apps
Bruno Rocha
June 11, 2017
TDC 2017
Transcript
iOS Security
Bruno Rocha, iOS Developer @ Movile
Bad people
• Crypto keys in NSUserDefaults/Keychain
• Secret API keys in the Info.plist or hardcoded
• CoreData/SQLite with sensitive data
• var isSubscribed: Bool

• NSUserDefaults - Documents folder, not encrypted
• CoreData - Documents folder, not encrypted
• Info.plist - Exposed in your .ipa/.app
• Keychain - Encrypted, but exploitable
• NSKeyedArchiver - A plist in hex format
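// Original property: decides locally whether the user is subscribed.
var isSubscribed: Bool {
    let subscription = getSubscription()
    return subscription.isExpired == false
}

// Swizzled replacement (runtime manipulation): always reports a subscription.
var swizzled__isSubscribed: Bool {
    return true
}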
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks
• Encrypt/encode data before saving/hardcoding (Careful! This will not prevent attacks, only slow them down.)
• Handle critical data (like secret API keys) server-side if possible
• Open source "string obfuscation" libs: hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation
• Important logic should be handled/checked server-side! (e.g. API tokens)
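The server-side check recommended on this slide, as an added example that is not from the original deck: the server verifies a signed API token and looks up the subscription in its own records, so a client-side isSubscribed forced to true changes nothing. The token format, key, user names and records are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real service would load this from a secret store.
SERVER_KEY = b"demo-only-server-key"

# Constructed server-side records: user id -> subscription expiry (Unix time).
SUBSCRIPTIONS = {"alice": 2_000_000_000, "bob": 1_000_000_000}


def _mac(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str, ttl: int, now: int) -> str:
    """Issue an API token 'user|expiry|mac' signed with the server key."""
    payload = f"{user_id}|{now + ttl}"
    return f"{payload}|{_mac(payload)}"


def verify_token(token: str, now: int):
    """Return the user id if the token is authentic and unexpired, else None."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    user_id, expires, mac = parts
    expected = _mac(f"{user_id}|{expires}")
    # Constant-time comparison on bytes; a forged or edited token fails here.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if int(expires) < now:
        return None
    return user_id


def premium_content(token: str, client_says_subscribed: bool, now: int):
    """Decide access from server-held state only."""
    user_id = verify_token(token, now)
    if user_id is None:
        return 401, "invalid token"
    # client_says_subscribed is deliberately ignored: the device can be made
    # to report True, as the swizzled property in the deck does.
    if SUBSCRIPTIONS.get(user_id, 0) < now:
        return 403, "subscription expired"
    return 200, "premium payload"
```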
What about the real world?