iOS Security - Hacking iOS Apps
Bruno Rocha
June 11, 2017
TDC 2017
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
• Crypto keys in NSUserDefaults/Keychain
• Secret API Keys in the Info.plist or hardcoded
• CoreData/SQLite with sensitive data
• var isSubscribed: Bool

• NSUserDefaults - Documents folder, not encrypted
• CoreData - Documents folder, not encrypted
• Info.plist - Exposed in your .ipa/.app
• Keychain - Encrypted, but exploitable
• NSKeyedArchiver - A plist in hex format
var isSubscribed: Bool {
    let subscription = getSubscription()
    return subscription.isExpired == false
}

var swizzled__isSubscribed: Bool {
    return true
}
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks
• Encrypt/Encode data before saving/hardcoding (Careful! This will not prevent attacks, only slow them down.)
• Treat critical data (like secret API keys) server-side if possible
• Open Source "String obfuscation" libs: Hackers have Google too.
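A pre-release check for the storage points above, as an added example that is not from the original deck: it opens a built .ipa, decodes every bundled plist (XML or binary) and reports key paths whose names suggest a shipped secret. The key-name pattern, the sample bundle and the function names are assumptions made for this illustration.

```python
import io
import plistlib
import re
import zipfile

# Key names that suggest a credential (heuristic chosen for this example).
SUSPECT_KEY = re.compile(r"(secret|token|passw|api[_-]?key|private)", re.I)

def walk(node, path=""):
    """Yield (key_path, value) for every leaf in a decoded plist."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}/{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, node

def audit_ipa(ipa_bytes):
    """Return sorted (plist_name, key_path) pairs whose key name looks like a secret."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            if not name.endswith(".plist"):
                continue
            try:
                doc = plistlib.loads(ipa.read(name))  # handles XML and binary plists
            except Exception:
                continue  # not a parseable plist; skip it
            for key_path, value in walk(doc):
                # Report the key path only, never the value, so the report is safe to share.
                if isinstance(value, (str, bytes)) and value and SUSPECT_KEY.search(key_path):
                    findings.append((name, key_path))
    return sorted(findings)

def build_sample_ipa():
    """Constructed sample: a minimal .ipa with one planted placeholder key."""
    info = {
        "CFBundleIdentifier": "com.example.demo",
        "CFBundleShortVersionString": "1.0",
        "Services": {"PaymentsAPIKey": "PLACEHOLDER-NOT-A-REAL-KEY"},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/Settings.plist", plistlib.dumps({"Theme": "dark"}))
    return buf.getvalue()

if __name__ == "__main__":
    for plist_name, key_path in audit_ipa(build_sample_ipa()):
        print(f"{plist_name}: {key_path}")
```

A non-empty result from a release build is a signal to move that value server-side, as the slide recommends.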
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation
Important logic should be treated/checked server-side! (e.g. API Tokens)
What about the real world?