This document discusses tips and tricks for iOS development. It begins with an introduction to the presenters and why iOS development is challenging and interesting. It then discusses specific iOS development topics like table views, scroll views, custom views, and security considerations for local storage, server communication, and preventing runtime manipulation. Security recommendations include using Keychain for storage, SSL for network communication, checking for debuggers, and realizing 100% security is not possible. The document provides code examples and encourages further learning through referenced videos.
iOS development - tips & tricks
1. iOS Development - Tips & Tricks
iOS Development - Tips & Tricks
Software Development Lead - iOS
Galin Kardzhilov
Software Development Manager - iOS
Stefan Tsvyatkov
2. iOS Development - Tips & Tricks
Agenda
• Why iOS
• Some challenges
• iOS Security
5. iOS Development - Tips & Tricks
Why iOS?
// Builds one string listing the presenters' reasons for choosing iOS.
- (NSString *)generateReasonsWhyiOS {
    NSMutableString *reasons = [[NSMutableString alloc] init];
    [reasons appendString:@"It's new"];
    [reasons appendString:@"It's challenging"];
    [reasons appendString:@"It compiles to native"];
    [reasons appendString:@"You have to deal with hardware limitations"];
    [reasons appendString:@"You have to provide responsiveness"];
    [reasons appendString:@"You have to provide usability"];
    [reasons appendString:@"You have to provide security"];
    [reasons appendString:@"Often craftsmanship"];
    [reasons appendString:@"Your code runs into people's pockets"];
    return reasons;
}
10. iOS Development - Tips & Tricks
Security in iOS
• Local Storage
• Communication with the server
• Binary analysis and manipulation
11. iOS Development - Tips & Tricks
Local Storage Security
• NSUserDefaults
  • Convenient
  • Not encrypted by default
  • Keeps the data in a plist file
• CoreData
  • Not encrypted by default
  • Keeps the data in sqlite db
Not secure
12. iOS Development - Tips & Tricks
Local Storage Security
• Keychain Access
  • Encrypted by default
  • A bit more complex for use
  • Insecure on jailbroken devices
• Data encryption
  • Crypto API
  • Obfuscate the encryption key
  • Use unique device information
[Diagram labels: String constant; [[UIDevice currentDevice] identifierForVendor]; Custom algorithm; Secure encryption]
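
The Keychain Access bullets above, as an added example that is not part of the original slides: a secret stored as a generic-password Keychain item instead of in NSUserDefaults or CoreData. The service name and the Demo* helper names are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service name; any stable string that identifies the app's items works.
static NSString * const kDemoService = @"com.example.demo";

// Attributes that identify one generic-password item.
static NSMutableDictionary *DemoBaseQuery(NSString *account) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kDemoService,
               (__bridge id)kSecAttrAccount: account } mutableCopy];
}

// Store or overwrite a secret. Returns YES on success.
BOOL DemoSaveSecret(NSString *account, NSData *secret) {
    NSMutableDictionary *query = DemoBaseQuery(account);
    NSDictionary *newValues = @{ (__bridge id)kSecValueData: secret };
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query,
                                    (__bridge CFDictionaryRef)newValues);
    if (status == errSecItemNotFound) {
        // First write: readable only while the device is unlocked, and the
        // item does not migrate to another device through a backup.
        [query addEntriesFromDictionary:newValues];
        query[(__bridge id)kSecAttrAccessible] =
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
        status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    }
    return status == errSecSuccess;
}

// Returns the secret, or nil if it is absent or cannot be read right now.
NSData *DemoLoadSecret(NSString *account) {
    NSMutableDictionary *query = DemoBaseQuery(account);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess) return nil;
    return (__bridge_transfer NSData *)result;
}

// Removes the item; a missing item counts as success.
BOOL DemoDeleteSecret(NSString *account) {
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)DemoBaseQuery(account));
    return status == errSecSuccess || status == errSecItemNotFound;
}
```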
13. iOS Development - Tips & Tricks
Server Communication Security
• Use SSL
• Don't accept self-signed certificates
• Client and server side data validation
14. iOS Development - Tips & Tricks
Runtime Manipulation
#import <UIKit/UIKit.h>
#import "AppDelegate.h"
#import "ptrace.h"

int main(int argc, char * argv[])
{
#ifndef DEBUG
    // Release builds only: ask the kernel to refuse debugger attachment.
    ptrace(PT_DENY_ATTACH, 0, 0, 0);
#endif
    @autoreleasepool {
        return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class]));
    }
}
• ptrace
  • Deny a debugger to attach
  • Can be patched from binary
  • Put it in multiple places
15. iOS Development - Tips & Tricks
Runtime Manipulation
• SEC_IS_BEING_DEBUGGED_RETURN_NIL()

#ifndef DEBUG
    SEC_IS_BEING_DEBUGGED_RETURN_NIL();
#endif

  • Check if a debugger is attached
  • Hard to be patched from binary
  • Make the check regularly and in critical parts
  • Doesn't work against Cycript
16. iOS Development - Tips & Tricks
Conclusion
• Keychain Access for storing
• SSL for transporting
• Check for debuggers
• 100% security does not exist
17. iOS Development - Tips & Tricks
Thank you!
Galin Kardzhilov @gravera
Stefan Tsvyatkov @stsvyatkov