Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
iOS Security - Hacking iOS Apps
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Bruno Rocha
June 11, 2017
Technology
0
19
iOS Security - Hacking iOS Apps
TDC 2017
Bruno Rocha
June 11, 2017
Tweet
Share
More Decks by Bruno Rocha
See All by Bruno Rocha
BuckOutsideValley.pdf
rockbruno
1
100
Avoiding Release Anxiety
rockbruno
0
23
Creating Scalable iOS Apps
rockbruno
0
12
Other Decks in Technology
See All in Technology
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
coconala_engineer
2
640
AIエージェントを開発しよう!-AgentCore活用の勘所-
yukiogawa
0
150
SREチームをどう作り、どう育てるか ― Findy横断SREのマネジメント
rvirus0817
0
200
OCI Database Management サービス詳細
oracle4engineer
PRO
1
7.4k
Amazon S3 Vectorsを使って資格勉強用AIエージェントを構築してみた
usanchuu
3
450
プロポーザルに込める段取り八分
shoheimitani
1
220
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
msysh
3
170
Context Engineeringの取り組み
nutslove
0
340
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
190
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
slsops
2
240
今日から始める Amazon Bedrock AgentCore
har1101
4
400
Tebiki Engineering Team Deck
tebiki
0
24k
Featured
See All Featured
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
220
We Are The Robots
honzajavorek
0
160
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.3k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.1k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
sarafernandez
0
120
Testing 201, or: Great Expectations
jmmastey
46
8k
Done Done
chrislema
186
16k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
160
The Mindset for Success: Future Career Progression
greggifford
PRO
0
240
Producing Creativity
orderedlist
PRO
348
40k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
71k
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
200
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
Crypto keys in NSUserDefaults/Keychain Secret API Keys in the Info.plist
or hardcoded CoreData/SQLite with sensitive data var isSubscribed: Bool
NSUserDefaults - Documents folder, not encrypted CoreData - Documents folder,
not encrypted Info.plist - Exposed in your .ipa/.app Keychain - Encrypted, but exploitable NSKeyedArchiver - A plist in hex format
None
None
var isSubscribed: Bool { let subscription = getSubscription() return subscription.isExpired
== false } var swizzled__isSubscribed: Bool { return true }
None
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks • Encrypt/Encode data before saving/
hardcoding (Careful! This will not prevent attacks, only slow them down.) • Treat critical data (like secret API keys) server-side if possible • Open Source “String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation Important logic should be treated/
checked server-side! (eg: API Tokens)
Protecting apps from Runtime Manipulation
Protecting apps from Runtime Manipulation
What about the real world?
rockbruno
coconala_engineer
yukiogawa
rvirus0817
oracle4engineer
usanchuu
shoheimitani
msysh
nutslove
andrzejkrzywda
slsops
har1101
tebiki
baasie
honzajavorek
palkan
aleyda
sarafernandez
jmmastey
chrislema
cassininazir
greggifford
orderedlist
soudai
tamaranovitovic
