iOS Security - Hacking iOS Apps
Bruno Rocha
June 11, 2017
TDC 2017
Transcript
iOS Security
Bruno Rocha
iOS Developer @ Movile
Bad people
• Crypto keys in NSUserDefaults/Keychain
• Secret API Keys in the Info.plist or hardcoded
• CoreData/SQLite with sensitive data
• var isSubscribed: Bool

• NSUserDefaults - Documents folder, not encrypted
• CoreData - Documents folder, not encrypted
• Info.plist - Exposed in your .ipa/.app
• Keychain - Encrypted, but exploitable
• NSKeyedArchiver - A plist in hex format
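    // Original getter: derives the answer from the stored subscription
    var isSubscribed: Bool {
        let subscription = getSubscription()
        return subscription.isExpired == false
    }

    // Swizzled replacement swapped in at runtime: always reports subscribed
    var swizzled__isSubscribed: Bool {
        return true
    }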
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks
• Encrypt/Encode data before saving/hardcoding (Careful! This will not prevent attacks, only slow them down.)
• Treat critical data (like secret API keys) server-side if possible
• Open Source "String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation
Important logic should be treated/checked server-side! (e.g. API Tokens)
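The server-side check recommended above, sketched as an added example that is not part of the original slides: the server decides from its own subscription record and never reads an `isSubscribed` value sent by the app. The signing key, user records, token format and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

# Assumption: server-only signing key, never shipped in the app bundle or Info.plist.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed sample records: user id -> subscription expiry (Unix time), held server-side.
SUBSCRIPTIONS = {"alice": 2_000_000_000, "bob": 1_400_000_000}


def _mac(user_id):
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id):
    """Return 'user_id.hexmac' (hypothetical format) so the server can recognise its own token."""
    return f"{user_id}.{_mac(user_id)}"


def authenticate(token):
    """Return the user id if the token carries a valid MAC, else None."""
    user_id, sep, mac = token.rpartition(".")
    if not sep or not user_id:
        return None
    # Compare as bytes in constant time; also tolerates non-ASCII garbage in the token.
    ok = hmac.compare_digest(mac.encode(), _mac(user_id).encode())
    return user_id if ok else None


def get_premium_content(request, now=None):
    """Gate premium content on the server's own record.

    Any 'isSubscribed' field in the request is deliberately never read:
    a swizzled getter on the device can make it say anything.
    """
    now = time.time() if now is None else now
    user_id = authenticate(request.get("token", ""))
    if user_id is None:
        return 401, "invalid token"
    expiry = SUBSCRIPTIONS.get(user_id)
    if expiry is None or expiry <= now:
        return 403, "subscription required"
    return 200, "premium content"
```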
What about the real world?