iOS development - tips & tricks

Post on 19-Jun-2015

315 views 3 download


Transcript of iOS development - tips & tricks

iOS Development - Tips & Tricks

iOS Development - Tips & Tricks

Software Development Lead - iOSGalin Kardzhilov

Software Development Manager - iOSStefan Tsvyatkov

iOS Development - Tips & Tricks


Why iOS

Some challenges

iOS Security

iOS Development - Tips & Tricks

About Me

Started with

iOS Development - Tips & Tricks

About Me

iOS Development - Tips & Tricks

Why iOS?

-(NSString *)generateReasonsWhyiOS { NSMutableString *reasons = [[NSMutableString alloc] init]; [reasons appendString:@"It's new"]; [reasons appendString:@"It's challenging"]; [reasons appendString:@"It compiles to native"]; [reasons appendString:@"You have to deal with hardware limitations"]; [reasons appendString:@"You have to provide responsiveness"]; [reasons appendString:@"You have to provide usability"]; [reasons appendString:@"You have to provide security"]; [reasons appendString:@"0ften craftsmanship [reasons appendString:@"Your code runs into people's pockets"]; return reasons; }

iOS Development - Tips & Tricks

Table view

Background image

Custom drawn cells

… flipped

Galin Kardzhilov
Watch video @

iOS Development - Tips & Tricks

Galin Kardzhilov
Watch video @

iOS Development - Tips & Tricks

Scroll View

Custom View

iOS Development - Tips & Tricks

iOS Development - Tips & Tricks

Security in iOS

Local Storage

Communication with the server

Binary analysis and manipulation

iOS Development - Tips & Tricks

Local Storage Security NSUserDefaults Convenient Not encrypted by default Keeps the data in a plist file

CoreData Not encrypted by default Keeps the data in sqlite db

Not secure

iOS Development - Tips & Tricks

Local Storage Security

Keychain Access Encrypted by default A bit more complex for use Insecure on jailbroken devices

Data encryption Crypto API Obfuscate the encryption key Use unique device information

String constant

[[UIDevice currentDevice]


Custom algorith

Secure encryption

iOS Development - Tips & Tricks

Server Communication Security


Don’t accept self-signed certificates

Client and server side data validation

iOS Development - Tips & Tricks

Runtime Manipulation

#import "AppDelegate.h" #import "ptrace.h" !int main(int argc, char * argv[]) { #ifndef DEBUG ptrace(PT_DENY_ATTACH, 0, 0, 0); #endif @autoreleasepool { return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); } }

ptrace Deny a debugger to attach Can be patched from binary Put it in multiple places

iOS Development - Tips & Tricks



Check if a debugger is attached Hard to be patched from binary Make the check regularly and in critical parts Doesn’t work against Cycript

Runtime Manipulation


iOS Development - Tips & Tricks


Keychain Access for storing

SSL for transporting

Check for debuggers

100% security does not exist

iOS Development - Tips & Tricks

Thank you!

Galin Kardzhilov @graveraStefan Tsvyatkov @stsvyatkov