Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

App Store code obfuscation?

Tags:

xcode

cocoa

app-store

Just wanted to make sure: What has happen to all the strings, urls I have in my binary?

When I build the project and later I browse the contents of the binary (when the project is called something, the something.app is generated and inside the binary: "something") using Smultron or any other source editor I can easily find all the strings I'm using in the app, in this case - URL to the API and localization keys like "login TITLE" (linking to Localization.strings).

My application has been approved and I downloaded the app. Renamed the ipa to zip and extracted. To my surprise in the binary I couldn't find any string - neither URLs, nor any other.

Does it mean my App has been obfuscated or was it encrypted by Apple DRMs?

Regards Chris

like image 753
Chris Rutkowski Avatar asked Jan 04 '11 15:01

Chris Rutkowski

People also ask

Do iOS apps need obfuscation?

Why iOS apps need obfuscation. Mobile app-based cybercrime is ever-evolving, and hackers always find new and better methods to reverse engineer apps to identify weaknesses, secrets and get a hold of sensitive information. Objective-C and Swift are the most common programming languages for iOS apps.

Does Google obfuscate their code?

If you're referring to the code you see when you press "View Page Source" on Google, then yes, the code is obfuscated.

What is obfuscation app?

Obfuscation is a way for Android developers to protect their apps from reverse engineering and tampering attempts by masking their source code and data. Without this level of protection, malicious actors can easily gain an understanding of an app's inner workings.

How do you obfuscate in Objective-C?

Objective-C code cannot be 100% obfuscated. There are some open source and some commercial tools that will obfuscate the class name, the custom methods and variables, but be aware that they can easily break and crash your app.

1 Answers

You can indeed easily find those. But no worries, URL calls are also easily found by monitoring network connections. The trick is to communicate through SSL using POST.

the App Store build you make secures the app somewhat (DRM and what not), but I believe a simple HEX editor can get some stuff back. Reverse engineering is always an option.

I wouldn't worry about finding the URL's, I'd worry about how safe those calls are. People will always be able to find the things you like to hide. The trick is to make it impossible for them to (mis)use it.

like image 64
Jake Avatar answered Sep 21 '22 13:09

Jake
Sign in to Comment

Related questions

Swift type-check takes long time
Error trying to add SVG image to xcode assets
Xcode error "failed to read asset tags: unexpected error generating result tags"
Mac Catalyst and iOS 13.5
Undefined symbols for architecture arm64 after linking a static library in iOS app
xcodebuild error "binaries with multiple platforms are not supported" while generating xcframework library
Xcode log message "flock failed to lock list file"
Error Domain=NSCocoaErrorDomain Code=4099 in my debug area
Changing the default header comment license in Swift Package
UI Tests Flaky on CI
Why does iOS Status Bar collapses because of Blur Effect since iOS 15?
Can an XCode static library require linkage with a dynamic library?
XCode: Static Analyzer doesn't work if C/C++-Code used in project
Objective-C static analysis tools -- plugin to Xcode?
How to static analyze C++ and Objective-C++ code?
How does XCode signal an app to stop while running in the simulator
Linker error (only simulator) with own library after update to iPhone SDK 4.0
viewWillAppear: method doesn't seem to respond while using tab bar and navigation controllers together
how to solve Instruments detected leaks whose responsible library is Apple's framework?
How is application ID used by Xcode when building/signing the application?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!