Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
iOS Security - Hacking iOS Apps
Search
Bruno Rocha
June 11, 2017
Technology
0
19
iOS Security - Hacking iOS Apps
TDC 2017
Bruno Rocha
June 11, 2017
Tweet
Share
More Decks by Bruno Rocha
See All by Bruno Rocha
BuckOutsideValley.pdf
rockbruno
1
100
Avoiding Release Anxiety
rockbruno
0
23
Creating Scalable iOS Apps
rockbruno
0
12
Other Decks in Technology
See All in Technology
AIと新時代を切り拓く。これからのSREとメルカリIBISの挑戦
0gm
0
900
Agile Leadership Summit Keynote 2026
m_seki
1
610
【Oracle Cloud ウェビナー】[Oracle AI Database + AWS] Oracle Database@AWSで広がるクラウドの新たな選択肢とAI時代のデータ戦略
oracle4engineer
PRO
2
140
Context Engineeringが企業で不可欠になる理由
hirosatogamo
PRO
3
570
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
msysh
3
170
CDKで始めるTypeScript開発のススメ
tsukuboshi
1
390
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
190
小さく始めるBCP ― 多プロダクト環境で始める最初の一歩
kekke_n
1
410
プロダクト成長を支える開発基盤とスケールに伴う課題
yuu26
4
1.3k
~Everything as Codeを諦めない~ 後からCDK
mu7889yoon
3
340
モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう
minorun365
4
190
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
Featured
See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
200
My Coaching Mixtape
mlcsv
0
48
Test your architecture with Archunit
thirion
1
2.2k
Mobile First: as difficult as doing things right
swwweet
225
10k
Agile that works and the tools we love
rasmusluckow
331
21k
Java REST API Framework Comparison - PWX 2021
mraible
34
9.1k
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.3k
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
0
320
Utilizing Notion as your number one productivity tool
mfonobong
3
220
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.3k
Transcript
iOS Security Bruno Rocha iOS Developer @ Movile
Bad people
Crypto keys in NSUserDefaults/Keychain Secret API Keys in the Info.plist
or hardcoded CoreData/SQLite with sensitive data var isSubscribed: Bool
NSUserDefaults - Documents folder, not encrypted CoreData - Documents folder,
not encrypted Info.plist - Exposed in your .ipa/.app Keychain - Encrypted, but exploitable NSKeyedArchiver - A plist in hex format
None
None
var isSubscribed: Bool { let subscription = getSubscription() return subscription.isExpired
== false } var swizzled__isSubscribed: Bool { return true }
None
Demo 1: Insecure Data Storages
Protecting apps from Storage Attacks • Encrypt/Encode data before saving/
hardcoding (Careful! This will not prevent attacks, only slow them down.) • Treat critical data (like secret API keys) server-side if possible • Open Source “String obfuscation" libs: Hackers have Google too.
Demo 2: Runtime Manipulation
Protecting apps from Runtime Manipulation Important logic should be treated/
checked server-side! (eg: API Tokens)
Protecting apps from Runtime Manipulation
Protecting apps from Runtime Manipulation
What about the real world?
rockbruno
0gm
m_seki
oracle4engineer
hirosatogamo
msysh
tsukuboshi
andrzejkrzywda
kekke_n
yuu26
mu7889yoon
minorun365
sansan33
aarron
reverentgeek
mlcsv
thirion
swwweet
rasmusluckow
mraible
ipullrank
katarinadahlin
mfonobong
bermonpainter
kevinliebholz
