Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
iOS Security - Hacking iOS Apps
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Bruno Rocha
June 11, 2017
Technology
0
19
iOS Security - Hacking iOS Apps
TDC 2017
Bruno Rocha
June 11, 2017
Tweet
Share
More Decks by Bruno Rocha
See All by Bruno Rocha
BuckOutsideValley.pdf
rockbruno
1
100
Avoiding Release Anxiety
rockbruno
0
23
Creating Scalable iOS Apps
rockbruno
0
12
Other Decks in Technology
See All in Technology
【Oracle Cloud ウェビナー】[Oracle AI Database + AWS] Oracle Database@AWSで広がるクラウドの新たな選択肢とAI時代のデータ戦略
oracle4engineer
PRO
1
120
20260204_Midosuji_Tech
takuyay0ne
1
140
MCPでつなぐElasticsearchとLLM - 深夜の障害対応を楽にしたい / Bridging Elasticsearch and LLMs with MCP
sashimimochi
0
150
usermode linux without MMU - fosdem2026 kernel devroom
thehajime
0
230
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
5
1.6k
Oracle Cloud Observability and Management Platform - OCI 運用監視サービス概要 -
oracle4engineer
PRO
2
14k
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
42k
Greatest Disaster Hits in Web Performance
guaca
0
200
ブロックテーマでサイトをリニューアルした話 / 2026-01-31 Kansai WordPress Meetup
torounit
0
460
SREチームをどう作り、どう育てるか ― Findy横断SREのマネジメント
rvirus0817
0
130
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
68k
顧客の言葉を、そのまま信じない勇気
yamatai1212
1
350
Featured
See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
71k
What does AI have to do with Human Rights?
axbom
PRO
0
2k
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
RailsConf 2023
tenderlove
30
1.3k
Building AI with AI
inesmontani
PRO
1
690
How GitHub (no longer) Works
holman
316
140k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
84
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.2k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
49
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.7k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
1
49
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
Crypto keys in NSUserDefaults/Keychain Secret API Keys in the Info.plist
or hardcoded CoreData/SQLite with sensitive data var isSubscribed: Bool
NSUserDefaults - Documents folder, not encrypted CoreData - Documents folder,
not encrypted Info.plist - Exposed in your .ipa/.app Keychain - Encrypted, but exploitable NSKeyedArchiver - A plist in hex format
None
None
var isSubscribed: Bool { let subscription = getSubscription() return subscription.isExpired
== false } var swizzled__isSubscribed: Bool { return true }
None
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks • Encrypt/Encode data before saving/
hardcoding (Careful! This will not prevent attacks, only slow them down.) • Treat critical data (like secret API keys) server-side if possible • Open Source “String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation Important logic should be treated/
checked server-side! (eg: API Tokens)
Protecting apps from Runtime Manipulation
Protecting apps from Runtime Manipulation
What about the real world?
SiteGround - Reliable hosting with speed, security, and support you can count on.
rockbruno
oracle4engineer
takuyay0ne
sashimimochi
thehajime
safie_recruit
guaca
torounit
rvirus0817
sansan33
yamatai1212
soudai
axbom
lfama
tenderlove
inesmontani
holman
techseoconnect
tammyeverts
akademiya2063
garrettdimon
honnibal
davidcarrasco
