Implementing anti-tampering mechanism in iOS apps

Wojciech Reguła
May 20 · 2 min read

Security is a topic that should be considered also by iOS developers. Since the platform cannot be treated as 100% secure, devs and security division need to create a separate threat model for mobile applications.

For all the years when iOS exists, many different types of application vulnerabilities have been discovered. They can result in a real risk and should be covered at first! After it is done, in most cases, the fire has been extinguished.

However, if you are responsible for developing high risk application you will be probably interested in reaching a higher app resiliency. Before attackers find the vulnerabilities they need to analyze your app. This is the moment when you can make their job harder — implement anti-tampering mechanisms and detect if you application has been launched in a malicious environment.

Disclaimer: Before I show you my solution you need to remember that it is also an additional security layer. Any anti-tampering mechanism cannot be a substitution of fixing vulnerabilities or implementing secure code. Otherwise, it will be only a false sense of security.

To simplify the implementation of anti-tampering mechanism in your iOS application I decided to create the iOS Security Suite — a Swift library that will do all the checks for you! Click here to visit our Github page and download.

Implementing ISS is really easy. To start using it:

  1. Just copy the files from the repo.
git clone https://github.com/securing/IOSSecuritySuite

2. Install via CocoaPods

pod 'IOSSecuritySuite'

3. Use Carthage

github "securing/IOSSecuritySuite"

Now, import ISS in your Swift code and you are set! Read the docs to see full description. Below I’m pasting a code snippet example.

import UIKit
import IOSSecuritySuite
class ViewController: UIViewController {

override func viewDidLoad() {
super.viewDidLoad()
}
override func viewDidAppear(_ animated: Bool) {
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()
let title = jailbreakStatus.jailbroken ? "Jailbroken" : "Jailed"
let message = """
Jailbreak: \(jailbreakStatus.failMessage),
Run in emulator?: \(IOSSecuritySuite.amIRunInEmulator())
Debugged?: \(IOSSecuritySuite.amIDebugged())
Reversed?: \(IOSSecuritySuite.amIReverseEngineered())
"""
let alert = UIAlertController(title: title, message: message, preferredStyle: .alert)
alert.addAction(UIAlertAction(title: "Dismiss", style: .default))
print("TEST: \(message)")
self.present(alert, animated: false)
}}

Including this tool in your project is not the only thing you should do in order to improve your app security! You should also read my general mobile security whitepaper.

If you enjoyed this story, please click the 👏 button and share to help others find it! Feel free to leave a comment below.

SecuRing

We help to achieve appropriate level of application security

Wojciech Reguła

Written by

Web apps / iOS / macOS security & blogger — https://wojciechregula.blog

SecuRing

SecuRing

We help to achieve appropriate level of application security

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade