Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
iOS Security - Hacking iOS Apps
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Bruno Rocha
June 11, 2017
Technology
0
19
iOS Security - Hacking iOS Apps
TDC 2017
Bruno Rocha
June 11, 2017
Tweet
Share
More Decks by Bruno Rocha
See All by Bruno Rocha
BuckOutsideValley.pdf
rockbruno
1
100
Avoiding Release Anxiety
rockbruno
0
23
Creating Scalable iOS Apps
rockbruno
0
12
Other Decks in Technology
See All in Technology
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
5
1.2k
JAWS Days 2026 楽しく学ぼう! 認証認可 入門/20260307-jaws-days-novice-lane-auth
opelab
11
1.9k
Oracle Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
4
1.2k
AI時代のSaaSとETL
shoe116
1
130
今のWordPress の制作手法ってなにがあんねん?(改) / What’s the Deal with WordPress Development These Days?
tbshiki
0
440
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
8
7.2k
2026-03-11 JAWS-UG 茨城 #12 改めてALBを便利に使う
masasuzu
2
370
NewSQL_ ストレージ分離と分散合意を用いたスケーラブルアーキテクチャ
hacomono
PRO
4
320
vLLM Community Meetup Tokyo #3 オープニングトーク
jpishikawa
0
340
AI時代の「本当の」ハイブリッドクラウド — エージェントが実現した、あの頃の夢
ebibibi
0
110
堅牢.py#2 LT資料
t3tra
0
140
最強のAIエージェントを諦めたら品質が上がった話 / how quality improved after giving up on the strongest AI agent
kt2mikan
0
170
Featured
See All Featured
Building a Scalable Design System with Sketch
lauravandoore
463
34k
BBQ
matthewcrist
89
10k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Rebuilding a faster, lazier Slack
samanthasiow
85
9.4k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
190
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.7k
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
190
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
2.4k
KATA
mclloyd
PRO
35
15k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
91
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
How to Think Like a Performance Engineer
csswizardry
28
2.5k
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
Crypto keys in NSUserDefaults/Keychain Secret API Keys in the Info.plist
or hardcoded CoreData/SQLite with sensitive data var isSubscribed: Bool
NSUserDefaults - Documents folder, not encrypted CoreData - Documents folder,
not encrypted Info.plist - Exposed in your .ipa/.app Keychain - Encrypted, but exploitable NSKeyedArchiver - A plist in hex format
None
None
var isSubscribed: Bool { let subscription = getSubscription() return subscription.isExpired
== false } var swizzled__isSubscribed: Bool { return true }
None
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks • Encrypt/Encode data before saving/
hardcoding (Careful! This will not prevent attacks, only slow them down.) • Treat critical data (like secret API keys) server-side if possible • Open Source “String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation Important logic should be treated/
checked server-side! (eg: API Tokens)
Protecting apps from Runtime Manipulation
Protecting apps from Runtime Manipulation
What about the real world?
rockbruno
oracle4engineer
opelab
shoe116
tbshiki
masasuzu
hacomono
jpishikawa
ebibibi
t3tra
kt2mikan
lauravandoore
matthewcrist
garrettdimon
samanthasiow
minecr
bcantrill
427marketing
mclloyd
ryanjones
panda_program
csswizardry
