iOS: how to make apps safer
1. Security solution for network requests
1.1 Use HTTPS requests, preferably through a secure interaction platform.
1.2 Encrypt important request parameters (AES and RSA encryption are recommended).
1.3 When the server returns data, it should encrypt the important data.
1.4 Do not write the key into the code. You can first obtain the key through an asymmetric encryption interface, and then use this key for encryption in subsequent interface communication.
1.5 Replace the key regularly.
If the key is written in the code, then when the app is upgraded, the new version of the app and the corresponding interface versions must be changed to the new key.
If the key is obtained from the interface through asymmetric encryption, only the server needs to be modified.
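The flow in 1.4 can be sketched as follows. This is an added example, not code from the original article: the function names are hypothetical, the server is simulated in the same process, and RSA-OAEP-SHA256 with a 2048-bit key plus AES-GCM are assumed choices (the article only says AES and RSA).

```swift
import CryptoKit
import Foundation
import Security

enum ExchangeError: Error { case keyGeneration, wrap, unwrap, seal }

// Client: ephemeral RSA key pair. Only the public key is sent to the server.
func makeClientKeyPair() throws -> (privateKey: SecKey, publicKey: SecKey) {
    let attrs: [String: Any] = [kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
                                kSecAttrKeySizeInBits as String: 2048]
    guard let priv = SecKeyCreateRandomKey(attrs as CFDictionary, nil),
          let pub = SecKeyCopyPublicKey(priv) else { throw ExchangeError.keyGeneration }
    return (priv, pub)
}

// Server (simulated in-process): fresh AES-256 session key, wrapped for this client.
func serverIssueSessionKey(to clientPublicKey: SecKey) throws -> (wrapped: Data, key: SymmetricKey) {
    let key = SymmetricKey(size: .bits256)
    let raw = key.withUnsafeBytes { Data($0) }
    guard let wrapped = SecKeyCreateEncryptedData(clientPublicKey, .rsaEncryptionOAEPSHA256,
                                                  raw as CFData, nil)
    else { throw ExchangeError.wrap }
    return (wrapped as Data, key)
}

// Client: unwrap the session key. It lives in memory only, never in the binary.
func clientUnwrap(_ wrapped: Data, with privateKey: SecKey) throws -> SymmetricKey {
    guard let raw = SecKeyCreateDecryptedData(privateKey, .rsaEncryptionOAEPSHA256,
                                              wrapped as CFData, nil)
    else { throw ExchangeError.unwrap }
    return SymmetricKey(data: raw as Data)
}

// AES-GCM with a random nonce per message; output is nonce || ciphertext || tag.
func encryptParameter(_ value: String, using key: SymmetricKey) throws -> Data {
    guard let body = try AES.GCM.seal(Data(value.utf8), using: key).combined
    else { throw ExchangeError.seal }
    return body
}

func decryptParameter(_ body: Data, using key: SymmetricKey) throws -> String {
    let plain = try AES.GCM.open(AES.GCM.SealedBox(combined: body), using: key)
    return String(decoding: plain, as: UTF8.self)
}

// Constructed sample run: the client encrypts, the server decrypts with its copy of the key.
let pair = try makeClientKeyPair()
let issued = try serverIssueSessionKey(to: pair.publicKey)
let sessionKey = try clientUnwrap(issued.wrapped, with: pair.privateKey)
let body = try encryptParameter("password=constructed-sample", using: sessionKey)
print(try decryptParameter(body, using: issued.key))
```

The exchange by itself does not tell the client which server issued the key, so it still depends on the HTTPS channel from 1.1. Rotating the key (1.5) then only requires the server to issue a new one.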
2. Client security solution
2.1 Do not store critical information in plist files or static files in the project. If critical information must be stored, encrypt it.
2.2 Encrypt data stored in NSUserDefaults and SQLite files. Encrypt the URLs in the program to prevent static analysis of the URLs.
2.3 Use code obfuscation. For example, use macros for simple obfuscation of method names and method bodies.
2.4 In the release environment, do not print logs with NSLog (in Swift, print is used).
2.5 In the code, method names should not contain words such as key, password, or getIPAddress.
2.6 When login fails, do not explicitly state whether the user name or the password is incorrect.
2.7 Use two or more types of authentication technology (such as a digital certificate system, hardware token, biometric characteristics, or one-time dynamic password) for user identity authentication during login.
2.8 Use an encrypted soft keyboard with a randomized layout. When private data is input, all of it is masked.
2.9 Do not display private data in plain text, partially or entirely. (Hackers get the user name and mobile phone number, and then commit fraud.)
3.0 Use the anti-screenshot function.
Author: Xu Wenjun
Link: https://www.jianshu.com/p/017c54068fd7
Source: Jianshu
Copyright belongs to the author. For commercial reprint, please contact the author for authorization. For non-commercial reprint, please indicate the source.