1. iOS Development - Tips & Tricks
iOS Development - Tips & Tricks
Software Development Lead - iOS
Galin Kardzhilov
Software Development Manager - iOS
Stefan Tsvyatkov

2. iOS Development - Tips & Tricks
Agenda
 Why iOS
 Some challenges
 iOS Security

3. iOS Development - Tips & Tricks
About Me
 Started with

4. iOS Development - Tips & Tricks
About Me

5. iOS Development - Tips & Tricks
Why iOS?
-(NSString *)generateReasonsWhyiOS {
NSMutableString *reasons = [[NSMutableString alloc] init];
[reasons appendString:@"It's new"];
[reasons appendString:@"It's challenging"];
[reasons appendString:@"It compiles to native"];
[reasons appendString:@"You have to deal with hardware limitations"];
[reasons appendString:@"You have to provide responsiveness"];
[reasons appendString:@"You have to provide usability"];
[reasons appendString:@"You have to provide security"];
[reasons appendString:@"0ften craftsmanship
[reasons appendString:@"Your code runs into people's pockets"];
return reasons;
}

6. iOS Development - Tips & Tricks
 Table view
 Background image
 Custom drawn cells
… flipped
Watch video @ http://youtu.be/Um971SFzOfQ

7. iOS Development - Tips & Tricks
Watch video @ http://youtu.be/HrK6PevFYkI

8. iOS Development - Tips & Tricks
Scroll View
Custom View

9. iOS Development - Tips & Tricks

10. iOS Development - Tips & Tricks
Security in iOS
 Local Storage
 Communication with the server
 Binary analysis and manipulation

11. iOS Development - Tips & Tricks
Local Storage Security
 NSUserDefaults
 Convenient
 Not encrypted by
default
 Keeps the data in a
plist file
 CoreData
 Not encrypted by
default
 Keeps the data in
sqlite db
Not secure

12. iOS Development - Tips & Tricks
Local Storage Security
 Keychain Access
 Encrypted by default
 A bit more complex for use
 Insecure on jailbroken devices
 Data encryption
 Crypto API
 Obfuscate the encryption key
 Use unique device information
String constant
[[UIDevice
currentDevice]
identifierForVendor]
Custom
algorith
Secure encryption

13. iOS Development - Tips & Tricks
Server Communication Security
 Use SSL
 Don’t accept self-signed certificates
 Client and server side data validation

14. iOS Development - Tips & Tricks
Runtime Manipulation
#import "AppDelegate.h"
#import "ptrace.h"
!
int main(int argc, char * argv[])
{
#ifndef DEBUG
ptrace(PT_DENY_ATTACH, 0, 0, 0);
#endif
@autoreleasepool {
return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class]));
}
}
 ptrace
 Deny a debugger to attach
 Can be patched from binary
 Put it in multiple places

15. iOS Development - Tips & Tricks
!
 SEC_IS_BEING_DEBUGGED_RETURN_NIL()
!
!
!
!
!
!
 Check if a debugger is attached
 Hard to be patched from binary
 Make the check regularly and in critical
parts
 Doesn’t work against Cycript
Runtime Manipulation
#ifndef DEBUG
SEC_IS_BEING_DEBUGGED_RETURN_NIL();
#endif

16. iOS Development - Tips & Tricks
Conclusion
 Keychain Access for storing
 SSL for transporting
 Check for debuggers
 100% security does not exist

17. iOS Development - Tips & Tricks
Thank you!
Galin Kardzhilov @gravera
Stefan Tsvyatkov @stsvyatkov