iOS app Security Framework Overview
Easy to attack, only a rigorous, multi-layered protection network to reliably protect our iOS application security. So, what does a well-developed iOS Application Security framework have to write? First, first, comb the common reverse and attack tools.
iOS apps reverse common tools
- Reveal
- Cycript
- Class-dump
- Keychain-dumper
- Gdb
- Inalyzer
- Introspy
- Fishhook
- Removepie
- IDA Pro or Hopper
- Snoop-it
- IDB
- Charles
- SSL Kill Switch
Bare-ben App security hidden
What are the threats to a bare-handed iOS app with a jailbreak iOS device, plus the above-mentioned reverse tool?
- Arbitrary read and write file system data
- HTTP (S) is monitored in real time
- Re-packaging IPA
- Exposed function symbols
- Non-encrypted static characters
- Tampering with program logic control flow
- Interception System Framework API
- Reverse encryption Logic
- Trace function Call procedure (objc_msgsend)
- Concrete implementations of visible views
- Counterfeit equipment identification
- Available URLs schemes
- Runtime arbitrary method invocation
- ......
iOS app security Protection Open Source Tool
- Ios-class-guard is a powerful tool against Class-dump, which renames OBJC class name method names to incomprehensible characters.
iOS app Security Framework Overview
To address these security concerns, our iOS application Security framework needs to accomplish the following tasks:
- Protection
- Rename a OBJC class name method name to a hard-to-understand character
- Encrypt static string run-time decryption
- Confusing code makes it difficult to disassemble
- Local storage file Tamper-proof
- Detection
- Debug State detection
- Jailbreak Environment detection
- Swizzle Detection of OBJC
- Hook detection of arbitrary function
- Specify checksum detection for a region or data segment
- Self-healing
- Self-repairing tampered data and code snippets
In addition, multiple layers of protection are required to ensure that the entire protection mechanism is not invalidated through high level protection of the lower layer. Refer to the IBM Mobile Endpoint Security Framework solution:
iOS app security Framework Overview