Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
iOS Security - Hacking iOS Apps
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Bruno Rocha
June 11, 2017
Technology
0
19
iOS Security - Hacking iOS Apps
TDC 2017
Bruno Rocha
June 11, 2017
Tweet
Share
More Decks by Bruno Rocha
See All by Bruno Rocha
BuckOutsideValley.pdf
rockbruno
1
100
Avoiding Release Anxiety
rockbruno
0
23
Creating Scalable iOS Apps
rockbruno
0
12
Other Decks in Technology
See All in Technology
学生・新卒・ジュニアから目指すSRE
hiroyaonoe
2
590
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
zepprix
0
440
~Everything as Codeを諦めない~ 後からCDK
mu7889yoon
3
320
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
190
変化するコーディングエージェントとの現実的な付き合い方 〜Cursor安定択説と、ツールに依存しない「資産」〜
empitsu
4
1.4k
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
210
Ruby版 JSXのRuxが気になる
sansantech
PRO
0
150
こんなところでも(地味に)活躍するImage Modeさんを知ってるかい?- Image Mode for OpenShift -
tsukaman
0
120
Amazon Bedrock Knowledge Basesチャンキング解説!
aoinoguchi
0
130
FinTech SREのAWSサービス活用/Leveraging AWS Services in FinTech SRE
maaaato
0
130
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
AWS Network Firewall Proxyを触ってみた
nagisa53
1
210
Featured
See All Featured
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
140
SEO Brein meetup: CTRL+C is not how to scale international SEO
lindahogenes
0
2.3k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3.1k
[SF Ruby Conf 2025] Rails X
palkan
1
740
Color Theory Basics | Prateek | Gurzu
gurzu
0
200
Building Flexible Design Systems
yeseniaperezcruz
330
40k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
98
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
57
50k
Paper Plane
katiecoart
PRO
0
46k
Paper Plane (Part 1)
katiecoart
PRO
0
4.1k
How GitHub (no longer) Works
holman
316
140k
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
Crypto keys in NSUserDefaults/Keychain Secret API Keys in the Info.plist
or hardcoded CoreData/SQLite with sensitive data var isSubscribed: Bool
NSUserDefaults - Documents folder, not encrypted CoreData - Documents folder,
not encrypted Info.plist - Exposed in your .ipa/.app Keychain - Encrypted, but exploitable NSKeyedArchiver - A plist in hex format
None
None
var isSubscribed: Bool { let subscription = getSubscription() return subscription.isExpired
== false } var swizzled__isSubscribed: Bool { return true }
None
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks • Encrypt/Encode data before saving/
hardcoding (Careful! This will not prevent attacks, only slow them down.) • Treat critical data (like secret API keys) server-side if possible • Open Source “String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation Important logic should be treated/
checked server-side! (eg: API Tokens)
Protecting apps from Runtime Manipulation
Protecting apps from Runtime Manipulation
What about the real world?
SiteGround - Reliable hosting with speed, security, and support you can count on.
rockbruno
hiroyaonoe
zepprix
mu7889yoon
andrzejkrzywda
empitsu
aeonpeople
sansantech
tsukaman
aoinoguchi
maaaato
sansan33
nagisa53
techseoconnect
lindahogenes
tammyeverts
danielanewman
palkan
gurzu
yeseniaperezcruz
cargoodrich
madoxten
katiecoart
holman
