Implementing anti-tampering mechanism in iOS apps
Security is a topic that should be considered also by iOS developers. Since the platform cannot be treated as 100% secure, devs and security division need to create a separate threat model for mobile applications.
![](https://www.securing.pl/eetsassy/2019/05/OPTIMIZED_Implementing-anti-tampering-mechanism-in-iOS-apps-1536x1122-1.jpg)
Security is a topic that should be considered also by iOS developers. Since the platform cannot be treated as 100% secure, devs and security division need to create a separate threat model for mobile applications.
For all the years when iOS exists, many different types of application vulnerabilities have been discovered. They can result in a real risk and should be covered at first! After it is done, in most cases, the fire has been extinguished.
![](https://media.giphy.com/media/l0HlCD37sRinmhGyA/giphy.gif)
However, if you are responsible for developing high risk application you will be probably interested in reaching a higher app resiliency. Before attackers find the vulnerabilities they need to analyze your app. This is the moment when you can make their job harder — implement anti-tampering mechanisms and detect if you application has been launched in a malicious environment.
Disclaimer: Before I show you my solution you need to remember that it is also an additional security layer. Any anti-tampering mechanism cannot be a substitution of fixing vulnerabilities or implementing secure code. Otherwise, it will be only a false sense of security.
To simplify the implementation of anti-tampering mechanism in your iOS application I decided to create the iOS Security Suite — a Swift library that will do all the checks for you! Click here to visit our Github page and download.
![](https://www.securing.pl/eetsassy/2020/06/1-yRe4kqFmgICBSdMkxTUyTA-1024x535.png)
Implementing ISS is really easy. To start using it:
- Just copy the files from the repo.
git clone https://github.com/securing/IOSSecuritySuite
2. Install via CocoaPods
pod 'IOSSecuritySuite'
3. Use Carthage
github "securing/IOSSecuritySuite"
Now, import ISS in your Swift code and you are set! Read the docs to see full description. Below I’m pasting a code snippet example.
import UIKit
import IOSSecuritySuiteclass ViewController: UIViewController {
override func viewDidLoad() {
super.viewDidLoad()
}override func viewDidAppear(_ animated: Bool) {
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()
let title = jailbreakStatus.jailbroken ? "Jailbroken" : "Jailed"let message = """
Jailbreak: \(jailbreakStatus.failMessage),
Run in emulator?: \(IOSSecuritySuite.amIRunInEmulator())
Debugged?: \(IOSSecuritySuite.amIDebugged())
Reversed?: \(IOSSecuritySuite.amIReverseEngineered())
"""let alert = UIAlertController(title: title, message: message, preferredStyle: .alert)
alert.addAction(UIAlertAction(title: "Dismiss", style: .default))
print("TEST: \(message)")
self.present(alert, animated: false)
}}
![](https://media.giphy.com/media/xT1R9Ivk4qi5CLoowM/giphy.gif)
Including this tool in your project is not the only thing you should do in order to improve your app security! You should also read my general mobile security whitepaper.
![Wojciech Reguła](https://www.securing.pl/eetsassy/2022/09/Wojciech-Regula-min.jpg)
Head of Mobile Security