Learning iOS Security

Book Description

Enhance the security of your iOS platform and applications using iOS-centric security techniques

In Detail

iOS has quickly become one of the most popular mobile operating systems, not only with users, but also with developers and companies. This also makes it a popular platform for malicious adversaries. iOS users and developers need to be constantly aware of their mobile security risks. Because of this, there is great demand for risk assessment specialists and security engineers.

This book is a hands-on guide that focuses on iOS devices and application security. It also discusses many vulnerabilities and security-related shortcomings that could expose personal data to prying eyes or allow interception of an iOS device's communication. You will learn how to manage apps to reduce the risks from third parties and then carry out practical steps and procedures to protect your device at a large scale using tools like Apple Configurator and MDM. By the end of this book, you will have a great understanding of the essentials of iOS apps and will be able to secure the platform easily and rapidly.

What You Will Learn

  • Configure the appropriate features to debug data and inspect your device
  • Configure and operate iOS applications using the best practices
  • Build Mobile Device Management configurations with a secure approach
  • Choose the appropriate tools in an iOS deployment with the help of easy-to-understand scenarios
  • Connect and manage Apple devices centrally
  • Provide appropriate input when a security policy is being made
  • Develop a toolset to begin tackling comprehensive forensic analysis
  • Transmit and store data efficiently using the privacy and iCloud settings
  • Connect your device to view network traffic and capture the camera

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Learning iOS Security
    1. Table of Contents
    2. Learning iOS Security
    3. Credits
    4. About the Authors
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Errata
        2. Piracy
        3. Questions
    8. 1. iOS Security Overview
      1. Pairing
      2. Backing up your device
        1. iCloud backups
        2. Taking backups using iTunes
        3. Viewing iOS data in iTunes
      3. Initial security checklist
        1. Configuring a passcode
        2. Configuring privacy settings
      4. Safari and built-in App protections
      5. Predictive search and spotlight
      6. Summary
    9. 2. Introducing App Security
      1. Installing apps
        1. Blocking access to the App Store
      2. Single App mode, App Lock, and Guided Access
      3. App communication
        1. Handoff and Continuity
      4. Keybags and keychains
      5. Keyboards and extensions
        1. Securing what extensions can access
        2. User context
      6. Sandboxing and App data storage
      7. Introduction to in-house App development
      8. Summary
    10. 3. Encrypting Devices
      1. Secure boot and activating iOS
      2. Passbook and Touch ID for Apple Pay
        1. Introduction to iOS network communication
        2. AirDrop
        3. A bug or a feature?
        4. VPN (Always-On, APN, Per-App, On-Demand)
          1. Global HTTP Proxy, caching, and the web content filter
      3. Privacy-related concerns
        1. Lesser-known ways for Apple to gather diagnostics
        2. Health app
      4. Configuration profiles
        1. Signing, encryption, and delivery
      5. Summary
    11. 4. Organizational Controls
      1. Apple Configurator
        1. Intended workflows
        2. The interaction modes – Prepare, Supervise, and Assign
        3. The importance of supervision
        4. Apps, VPP, and Apple Configurator
        5. Mass restoring and naming of devices
        6. Backup concerns
        7. Configurator as chaperone
      2. Activation Lock and Find My iPhone
        1. Addressing the rough spots
        2. DEP versus Apple Configurator
        3. Guided Access versus App Lock versus Single App Mode
      3. ActiveSync
      4. Summary
    12. 5. Mobile Device Management
      1. Introducing MDM
      2. Configurator versus MDM
      3. The Profile Manager
        1. Preparing the Profile Manager Server
          1. Preparing Profile Manager
          2. Completing Post Configuration tasks
          3. Using Profile Manager
          4. Enrolling into Profile Manager
          5. Device management
        2. Passcode policies
      4. Introducing Bushel
        1. Setup
        2. The enrollment process
        3. Restrictions
        4. Volume Purchasing Program and MDM
      5. Summary
    13. 6. Debugging and Conclusion
      1. Xcode
      2. Dive deeper with libimobiledevice
        1. Installing libimobiledevice using Homebrew
          1. Using idevicesyslog and idevicepair
          2. Using idevicedate and ideviceinstaller
      3. App communications
        1. Identifying devices
        2. Listening to network communications
      4. Apple IDs and Apps
      5. Forensics
      6. Application security
      7. Viewing an App
      8. Summary
    14. Index