Chapter 12. Securing the Runtime
From Chapter 7 on, you’ve learned about various techniques to manipulate the Objective-C runtime, and how to dynamically inject code into a program to replace existing functionality. This chapter provides a number of techniques that can be used to help secure the runtime better, thus increasing the overall time and complexity required in order to attack your code.
The runtime comes down to who controls the zeroes and the ones. With a debugger and a copy of the victim’s application data, an attacker is in control. No application is truly secure, but by taking a number of precautions, you can help to greatly complicate the style of attack needed to breach your application, and the skill level required as well. By implementing many of the approaches from this chapter, your application can function properly, but greatly extend the amount of time and skill required to attack it.
Some of the techniques in this chapter are designed not only to protect data, but to confuse an attacker, or to proactively assist in the event of tampering. Approaches like this can also have the added benefit of causing malicious individuals to skip your application and move onto less secure ones. By incorporating anti-debugging techniques, kill switches, class validation, and other techniques from other chapters, such as user jailbreak detection, your application may be able to stave off a majority of the unskilled attackers who amount to nothing more than low budget pickpockets. ...
Get Hacking and Securing iOS Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.