iOS Security - Hacking iOS Apps
Bruno Rocha
June 11, 2017
TDC 2017
Transcript
iOS Security
Bruno Rocha, iOS Developer @ Movile
Bad people
• Crypto keys in NSUserDefaults/Keychain
• Secret API Keys in the Info.plist or hardcoded
• CoreData/SQLite with sensitive data
• var isSubscribed: Bool

• NSUserDefaults - Documents folder, not encrypted
• CoreData - Documents folder, not encrypted
• Info.plist - Exposed in your .ipa/.app
• Keychain - Encrypted, but exploitable
• NSKeyedArchiver - A plist in hex format
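    // Client-side subscription check as shipped in the app
    var isSubscribed: Bool {
        let subscription = getSubscription()
        return subscription.isExpired == false
    }

    // Swizzled replacement: always reports an active subscription
    var swizzled__isSubscribed: Bool {
        return true
    }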
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks
• Encrypt/Encode data before saving/hardcoding (Careful! This will not prevent attacks, only slow them down.)
• Handle critical data (like secret API keys) server-side if possible
• Open Source "String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation
Important logic should be treated/checked server-side! (eg: API Tokens)
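The server-side check recommended above, as an added example that is not from the original slides: a hypothetical premium endpoint that decides from server-held subscription records, so the app's `isSubscribed` value has no effect. The names `SUBSCRIPTIONS`, `SERVER_KEY`, `issue_token`, `authenticate` and `get_premium_content` are assumptions, and the HMAC token is a minimal stand-in for whatever session mechanism the backend already uses.

```python
import hashlib
import hmac
import time

# Constructed sample data: server-side records, user -> expiry (epoch seconds).
SUBSCRIPTIONS = {"alice": 2_000_000_000, "bob": 1_000_000_000}
# Placeholder key for the demo; it lives only on the server, never in the app.
SERVER_KEY = b"constructed-demo-key"


def _mac(user):
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_token(user):
    """Issued after login; ties later requests to a user the server authenticated."""
    return f"{user}.{_mac(user)}"


def authenticate(token):
    """Return the user name if the token's MAC verifies, else None."""
    user, _, mac = token.rpartition(".")
    if not user:
        return None
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    ok = hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if ok else None


def get_premium_content(token, client_says_subscribed, now=None):
    """The client's flag is received but never consulted for the decision."""
    now = time.time() if now is None else now
    user = authenticate(token)
    if user is None:
        return 401, "invalid token"
    # Only server-held state is used, so forcing isSubscribed to true
    # inside the app does not change the outcome.
    if SUBSCRIPTIONS.get(user, 0) <= now:
        return 403, "subscription expired"
    return 200, f"premium content for {user}"


if __name__ == "__main__":
    now = 1_500_000_000  # constructed "current time" between the two expiries
    print(get_premium_content(issue_token("alice"), False, now))
    print(get_premium_content(issue_token("bob"), True, now))
```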
What about the real world?