Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
iOS Security - Hacking iOS Apps
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Bruno Rocha
June 11, 2017
Technology
0
19
iOS Security - Hacking iOS Apps
TDC 2017
Bruno Rocha
June 11, 2017
Tweet
Share
More Decks by Bruno Rocha
See All by Bruno Rocha
BuckOutsideValley.pdf
rockbruno
1
100
Avoiding Release Anxiety
rockbruno
0
23
Creating Scalable iOS Apps
rockbruno
0
12
Other Decks in Technology
See All in Technology
kintone開発のプラットフォームエンジニアの紹介
cybozuinsideout
PRO
0
870
スクリプトの先へ!AIエージェントと組み合わせる モバイルE2Eテスト
error96num
0
170
Datadog の RBAC のすべて
nulabinc
PRO
3
460
Shifting from MCP to Skills / ベストプラクティスの変遷を辿る
yamanoku
4
830
事例に見るスマートファクトリーへの道筋〜工場データをAI Readyにする実践ステップ〜
hamadakoji
1
310
ランサムウエア対策してますか?やられた時の対策は本当にできてますか?AWSでのリスク分析と対応フローの泥臭いお話。
hootaki
0
120
Dr. Werner Vogelsの14年のキーノートから紐解くエンジニアリング組織への処方箋@JAWS DAYS 2026
p0n
1
130
us-east-1 に障害が起きた時に、 ap-northeast-1 にどんな影響があるか 説明できるようになろう!
miu_crescent
PRO
13
4.3k
vLLM Community Meetup Tokyo #3 オープニングトーク
jpishikawa
0
340
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
5
1.2k
20260311 技術SWG活動報告(デジタルアイデンティティ人材育成推進WG Ph2 活動報告会)
oidfj
0
320
[JAWSDAYS2026][D8]その起票、愛が足りてますか?AWSサポートを味方につける、技術的「ラブレター」の書き方
hirosys_
3
170
Featured
See All Featured
Typedesign – Prime Four
hannesfritz
42
3k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.7k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
エンジニアに許された特別な時間の終わり
watany
106
240k
Visualization
eitanlees
150
17k
A designer walks into a library…
pauljervisheath
210
24k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.3k
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
2
170
Building Adaptive Systems
keathley
44
3k
Crafting Experiences
bethany
1
86
The Pragmatic Product Professional
lauravandoore
37
7.2k
Fireside Chat
paigeccino
42
3.8k
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
Crypto keys in NSUserDefaults/Keychain Secret API Keys in the Info.plist
or hardcoded CoreData/SQLite with sensitive data var isSubscribed: Bool
NSUserDefaults - Documents folder, not encrypted CoreData - Documents folder,
not encrypted Info.plist - Exposed in your .ipa/.app Keychain - Encrypted, but exploitable NSKeyedArchiver - A plist in hex format
None
None
var isSubscribed: Bool { let subscription = getSubscription() return subscription.isExpired
== false } var swizzled__isSubscribed: Bool { return true }
None
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks • Encrypt/Encode data before saving/
hardcoding (Careful! This will not prevent attacks, only slow them down.) • Treat critical data (like secret API keys) server-side if possible • Open Source “String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation Important logic should be treated/
checked server-side! (eg: API Tokens)
Protecting apps from Runtime Manipulation
Protecting apps from Runtime Manipulation
What about the real world?
SiteGround - Reliable hosting with speed, security, and support you can count on.
rockbruno
cybozuinsideout
error96num
nulabinc
yamanoku
hamadakoji
hootaki
p0n
miu_crescent
jpishikawa
oracle4engineer
.png){kind=avatar}
oidfj
hirosys_
hannesfritz
marktimemedia
garrettdimon
watany
eitanlees
pauljervisheath
tammyeverts
retrage
keathley
bethany
lauravandoore
paigeccino
