iOS Security - Hacking iOS Apps
Bruno Rocha
June 11, 2017
TDC 2017
Transcript
iOS Security
Bruno Rocha, iOS Developer @ Movile

Bad people

• Crypto keys in NSUserDefaults/Keychain
• Secret API Keys in the Info.plist or hardcoded
• CoreData/SQLite with sensitive data
• var isSubscribed: Bool

• NSUserDefaults - Documents folder, not encrypted
• CoreData - Documents folder, not encrypted
• Info.plist - Exposed in your .ipa/.app
• Keychain - Encrypted, but exploitable
• NSKeyedArchiver - A plist in hex format
    var isSubscribed: Bool {
        let subscription = getSubscription()
        return subscription.isExpired == false
    }

    var swizzled__isSubscribed: Bool {
        return true
    }
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks
• Encrypt/Encode data before saving/hardcoding (Careful! This will not prevent attacks, only slow them down.)
• Treat critical data (like secret API keys) server-side if possible
• Open Source "String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation
Important logic should be treated/checked server-side! (e.g. API Tokens)
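
The server-side check recommended on this slide, as an added example that is not part of the original deck: the server decides entitlement from its own subscription record and issues a short-lived signed token, so a client-side `isSubscribed` that always returns true changes nothing. The key, the user records and all function names are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: the server's own records (user -> subscription expiry, epoch seconds).
SUBSCRIPTIONS = {"alice": 2_000_000_000, "bob": 1_000_000_000}
# Constructed demo key; it lives only on the server and is never shipped in the app.
SERVER_KEY = b"constructed-demo-key"


def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, now=None, ttl=300):
    """Return a short-lived entitlement token, or None if the server's record is expired."""
    now = int(time.time()) if now is None else now
    sub_expiry = SUBSCRIPTIONS.get(user, 0)
    if sub_expiry <= now:
        return None
    payload = f"{user}:{min(now + ttl, sub_expiry)}"
    return f"{payload}:{_tag(payload)}"


def verify_token(token, now=None):
    """Return the user name if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        user, expires, tag = token.rsplit(":", 2)
        expires = int(expires)
    except (AttributeError, ValueError):
        return None  # missing or malformed token
    expected = _tag(f"{user}:{expires}")
    # Constant-time comparison of the MAC, then the expiry check.
    if not hmac.compare_digest(tag.encode(), expected.encode()) or expires <= now:
        return None
    return user


def premium_content(request, now=None):
    """Request handler: any client-supplied isSubscribed value is never consulted."""
    user = verify_token(request.get("token"), now)
    if user is None:
        return 403, "subscription required"
    return 200, f"premium content for {user}"
```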
What about the real world?