SlideShare ist ein Scribd-Unternehmen logo

iOS development - tips & tricks

Stefan Tsvyatkov
Stefan Tsvyatkov
Software
1 von 17
Downloaden Sie, um offline zu lesen
iOS Development - Tips & Tricks iOS Development - Tips & Tricks Software Development Lead - iOS Galin Kardzhilov Software Development Manager - iOS Stefan Tsvyatkov
iOS Development - Tips & Tricks Agenda  Why iOS  Some challenges  iOS Security
iOS Development - Tips & Tricks About Me  Started with
iOS Development - Tips & Tricks About Me
iOS Development - Tips & Tricks Why iOS? -(NSString *)generateReasonsWhyiOS { NSMutableString *reasons = [[NSMutableString alloc] init]; [reasons appendString:@"It's new"]; [reasons appendString:@"It's challenging"]; [reasons appendString:@"It compiles to native"]; [reasons appendString:@"You have to deal with hardware limitations"]; [reasons appendString:@"You have to provide responsiveness"]; [reasons appendString:@"You have to provide usability"]; [reasons appendString:@"You have to provide security"]; [reasons appendString:@"0ften craftsmanship [reasons appendString:@"Your code runs into people's pockets"]; return reasons; }
iOS Development - Tips & Tricks  Table view  Background image  Custom drawn cells … flipped Watch video @ http://youtu.be/Um971SFzOfQ
iOS Development - Tips & Tricks Watch video @ http://youtu.be/HrK6PevFYkI
iOS Development - Tips & Tricks Scroll View Custom View
iOS Development - Tips & Tricks
iOS Development - Tips & Tricks Security in iOS  Local Storage  Communication with the server  Binary analysis and manipulation
iOS Development - Tips & Tricks Local Storage Security  NSUserDefaults  Convenient  Not encrypted by default  Keeps the data in a plist file  CoreData  Not encrypted by default  Keeps the data in sqlite db Not secure
iOS Development - Tips & Tricks Local Storage Security  Keychain Access  Encrypted by default  A bit more complex for use  Insecure on jailbroken devices  Data encryption  Crypto API  Obfuscate the encryption key  Use unique device information String constant [[UIDevice currentDevice] identifierForVendor] Custom algorith Secure encryption
iOS Development - Tips & Tricks Server Communication Security  Use SSL  Don’t accept self-signed certificates  Client and server side data validation
iOS Development - Tips & Tricks Runtime Manipulation #import "AppDelegate.h" #import "ptrace.h" ! int main(int argc, char * argv[]) { #ifndef DEBUG ptrace(PT_DENY_ATTACH, 0, 0, 0); #endif @autoreleasepool { return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); } }  ptrace  Deny a debugger to attach  Can be patched from binary  Put it in multiple places
iOS Development - Tips & Tricks !  SEC_IS_BEING_DEBUGGED_RETURN_NIL() ! ! ! ! ! !  Check if a debugger is attached  Hard to be patched from binary  Make the check regularly and in critical parts  Doesn’t work against Cycript Runtime Manipulation #ifndef DEBUG SEC_IS_BEING_DEBUGGED_RETURN_NIL(); #endif
iOS Development - Tips & Tricks Conclusion  Keychain Access for storing  SSL for transporting  Check for debuggers  100% security does not exist
iOS Development - Tips & Tricks Thank you! Galin Kardzhilov @gravera Stefan Tsvyatkov @stsvyatkov

Empfohlen

iOS Development - Tips & Tricks
iOS Development - Tips & TricksiOS Development - Tips & Tricks
iOS Development - Tips & Tricksit-tour
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security TipsLalit Nama
 
CDE personalised learning
CDE personalised learningCDE personalised learning
CDE personalised learningJames Ballard
 
JISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJames Ballard
 
Learner enhanced technology
Learner enhanced technologyLearner enhanced technology
Learner enhanced technologyJames Ballard
 
Question 1
Question 1 Question 1
Question 1 Yacine Boudjeltia
 
Estudio de factibilidad
Estudio de factibilidadEstudio de factibilidad
Estudio de factibilidadCamilo Rivera
 
Personalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyPersonalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyJames Ballard
 

Empfohlen

iOS Development - Tips & Tricks
iOS Development - Tips & TricksiOS Development - Tips & Tricks
iOS Development - Tips & Tricksit-tour
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security TipsLalit Nama
 
CDE personalised learning
CDE personalised learningCDE personalised learning
CDE personalised learningJames Ballard
 
JISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJISC RSC London Workshop - Learner analytics
JISC RSC London Workshop - Learner analyticsJames Ballard
 
Learner enhanced technology
Learner enhanced technologyLearner enhanced technology
Learner enhanced technologyJames Ballard
 
Question 1
Question 1 Question 1
Question 1 Yacine Boudjeltia
 
Estudio de factibilidad
Estudio de factibilidadEstudio de factibilidad
Estudio de factibilidadCamilo Rivera
 
Personalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyPersonalised Learning - the Good, the Bad, and the Ugly
Personalised Learning - the Good, the Bad, and the UglyJames Ballard
 
Question 1
Question 1 Question 1
Question 1 Yacine Boudjeltia
 
The a&h bomb
The a&h bombThe a&h bomb
The a&h bombAli Mas
 
Cementite and associates lab 3
Cementite and associates lab 3Cementite and associates lab 3
Cementite and associates lab 3abhamber
 
e-ILP
e-ILPe-ILP
e-ILPJames Ballard
 
Savannah apartment association leasing & marketing
Savannah apartment association leasing & marketingSavannah apartment association leasing & marketing
Savannah apartment association leasing & marketingJolene Sopalski
 
Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Bhukya Veeranna
 
Rpm savannah dinner
Rpm savannah dinnerRpm savannah dinner
Rpm savannah dinnerJolene Sopalski
 
The king of country by jaclyn
The king of country by jaclynThe king of country by jaclyn
The king of country by jaclynadriennelarry
 
Learner engagement
Learner engagementLearner engagement
Learner engagementJames Ballard
 
Recruitment and selection
Recruitment and selectionRecruitment and selection
Recruitment and selectionNikhit
 
It's all about the small things final
It's all about the small things finalIt's all about the small things final
It's all about the small things finalJolene Sopalski
 
Q3 presentation
Q3 presentationQ3 presentation
Q3 presentationYacine Boudjeltia
 
FI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsFI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsPetr Dvorak
 
Building security into the pipelines
Building security into the pipelinesBuilding security into the pipelines
Building security into the pipelinesVandana Verma
 
Capture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaCapture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaVito Flavio Lorusso
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowServerless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowAWSCOMSUM
 
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
 
Being a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesBeing a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesChris Love
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningSynack
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin
 

Weitere ähnliche Inhalte

Andere mochten auch

The a&h bomb
The a&h bombThe a&h bomb
The a&h bombAli Mas
 
Cementite and associates lab 3
Cementite and associates lab 3Cementite and associates lab 3
Cementite and associates lab 3abhamber
 
Savannah apartment association leasing & marketing
Savannah apartment association leasing & marketingSavannah apartment association leasing & marketing
Savannah apartment association leasing & marketingJolene Sopalski
 
Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Bhukya Veeranna
 
The king of country by jaclyn
The king of country by jaclynThe king of country by jaclyn
The king of country by jaclynadriennelarry
 
Recruitment and selection
Recruitment and selectionRecruitment and selection
Recruitment and selectionNikhit
 
It's all about the small things final
It's all about the small things finalIt's all about the small things final
It's all about the small things finalJolene Sopalski
 

Andere mochten auch (12)

Question 1
Question 1 Question 1
Question 1
 
The a&h bomb
The a&h bombThe a&h bomb
The a&h bomb
 
Cementite and associates lab 3
Cementite and associates lab 3Cementite and associates lab 3
Cementite and associates lab 3
 
e-ILP
e-ILPe-ILP
e-ILP
 
Savannah apartment association leasing & marketing
Savannah apartment association leasing & marketingSavannah apartment association leasing & marketing
Savannah apartment association leasing & marketing
 
Wireless electric system by VEERANNA
Wireless electric system by VEERANNA Wireless electric system by VEERANNA
Wireless electric system by VEERANNA
 
Rpm savannah dinner
Rpm savannah dinnerRpm savannah dinner
Rpm savannah dinner
 
The king of country by jaclyn
The king of country by jaclynThe king of country by jaclyn
The king of country by jaclyn
 
Learner engagement
Learner engagementLearner engagement
Learner engagement
 
Recruitment and selection
Recruitment and selectionRecruitment and selection
Recruitment and selection
 
It's all about the small things final
It's all about the small things finalIt's all about the small things final
It's all about the small things final
 
Q3 presentation
Q3 presentationQ3 presentation
Q3 presentation
 

Ähnlich wie iOS development - tips & tricks

FI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsFI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsPetr Dvorak
 
Building security into the pipelines
Building security into the pipelinesBuilding security into the pipelines
Building security into the pipelinesVandana Verma
 
Capture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaCapture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaVito Flavio Lorusso
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowServerless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowAWSCOMSUM
 
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
 
Being a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesBeing a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesChris Love
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningSynack
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningMikhail Sosonkin
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloudSergejus Barinovas
 
MFF UK - Introduction to iOS
MFF UK - Introduction to iOSMFF UK - Introduction to iOS
MFF UK - Introduction to iOSPetr Dvorak
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 
Mobile Security Assessment: 101
Mobile Security Assessment: 101Mobile Security Assessment: 101
Mobile Security Assessment: 101wireharbor
 
Testing at Both Ends of the Triangle
Testing at Both Ends of the TriangleTesting at Both Ends of the Triangle
Testing at Both Ends of the TriangleDerek Graham
 
PowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUGPowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUGTaylor Riggan
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSebastien Gioria
 
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)Igor Bronovskyy
 

Ähnlich wie iOS development - tips & tricks (20)

FI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS BasicsFI MUNI 2012 - iOS Basics
FI MUNI 2012 - iOS Basics
 
Building security into the pipelines
Building security into the pipelinesBuilding security into the pipelines
Building security into the pipelines
 
Capture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninjaCapture, record, clip, embed and play, search: video from newbie to ninja
Capture, record, clip, embed and play, search: video from newbie to ninja
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity service
 
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel SolowServerless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
 
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...
 
Being a tweaker modern web performance techniques
Being a tweaker modern web performance techniquesBeing a tweaker modern web performance techniques
Being a tweaker modern web performance techniques
 
Zeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanningZeronights 2016 - Automating iOS blackbox security scanning
Zeronights 2016 - Automating iOS blackbox security scanning
 
ZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanningZeroNights: Automating iOS blackbox security scanning
ZeroNights: Automating iOS blackbox security scanning
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloud
 
MFF UK - Introduction to iOS
MFF UK - Introduction to iOSMFF UK - Introduction to iOS
MFF UK - Introduction to iOS
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 
Mobile Security Assessment: 101
Mobile Security Assessment: 101Mobile Security Assessment: 101
Mobile Security Assessment: 101
 
Testing at Both Ends of the Triangle
Testing at Both Ends of the TriangleTesting at Both Ends of the Triangle
Testing at Both Ends of the Triangle
 
Node azure
Node azureNode azure
Node azure
 
PowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUGPowerShell: A Language for the Internet of Things #ATLPUG
PowerShell: A Language for the Internet of Things #ATLPUG
 
Secure Coding For Java - Une introduction
Secure Coding For Java - Une introductionSecure Coding For Java - Une introduction
Secure Coding For Java - Une introduction
 
Rsockets ofa12
Rsockets ofa12Rsockets ofa12
Rsockets ofa12
 
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
 

Kürzlich hochgeladen

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 

Kürzlich hochgeladen (20)

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 

iOS development - tips & tricks

  • 1. iOS Development - Tips & Tricks iOS Development - Tips & Tricks Software Development Lead - iOS Galin Kardzhilov Software Development Manager - iOS Stefan Tsvyatkov
  • 2. iOS Development - Tips & Tricks Agenda  Why iOS  Some challenges  iOS Security
  • 3. iOS Development - Tips & Tricks About Me  Started with
  • 4. iOS Development - Tips & Tricks About Me
  • 5. iOS Development - Tips & Tricks Why iOS? -(NSString *)generateReasonsWhyiOS { NSMutableString *reasons = [[NSMutableString alloc] init]; [reasons appendString:@"It's new"]; [reasons appendString:@"It's challenging"]; [reasons appendString:@"It compiles to native"]; [reasons appendString:@"You have to deal with hardware limitations"]; [reasons appendString:@"You have to provide responsiveness"]; [reasons appendString:@"You have to provide usability"]; [reasons appendString:@"You have to provide security"]; [reasons appendString:@"0ften craftsmanship [reasons appendString:@"Your code runs into people's pockets"]; return reasons; }
  • 6. iOS Development - Tips & Tricks  Table view  Background image  Custom drawn cells … flipped Watch video @ http://youtu.be/Um971SFzOfQ
  • 7. iOS Development - Tips & Tricks Watch video @ http://youtu.be/HrK6PevFYkI
  • 8. iOS Development - Tips & Tricks Scroll View Custom View
  • 9. iOS Development - Tips & Tricks
  • 10. iOS Development - Tips & Tricks Security in iOS  Local Storage  Communication with the server  Binary analysis and manipulation
  • 11. iOS Development - Tips & Tricks Local Storage Security  NSUserDefaults  Convenient  Not encrypted by default  Keeps the data in a plist file  CoreData  Not encrypted by default  Keeps the data in sqlite db Not secure
  • 12. iOS Development - Tips & Tricks Local Storage Security  Keychain Access  Encrypted by default  A bit more complex for use  Insecure on jailbroken devices  Data encryption  Crypto API  Obfuscate the encryption key  Use unique device information String constant [[UIDevice currentDevice] identifierForVendor] Custom algorith Secure encryption
  • 13. iOS Development - Tips & Tricks Server Communication Security  Use SSL  Don’t accept self-signed certificates  Client and server side data validation
  • 14. iOS Development - Tips & Tricks Runtime Manipulation #import "AppDelegate.h" #import "ptrace.h" ! int main(int argc, char * argv[]) { #ifndef DEBUG ptrace(PT_DENY_ATTACH, 0, 0, 0); #endif @autoreleasepool { return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); } }  ptrace  Deny a debugger to attach  Can be patched from binary  Put it in multiple places
  • 15. iOS Development - Tips & Tricks !  SEC_IS_BEING_DEBUGGED_RETURN_NIL() ! ! ! ! ! !  Check if a debugger is attached  Hard to be patched from binary  Make the check regularly and in critical parts  Doesn’t work against Cycript Runtime Manipulation #ifndef DEBUG SEC_IS_BEING_DEBUGGED_RETURN_NIL(); #endif
  • 16. iOS Development - Tips & Tricks Conclusion  Keychain Access for storing  SSL for transporting  Check for debuggers  100% security does not exist
  • 17. iOS Development - Tips & Tricks Thank you! Galin Kardzhilov @gravera Stefan Tsvyatkov @stsvyatkov