Guidelines on mobile application security – iOS edition

This guide was written with developers in mind who are interested in iOS app security. It addresses subjects that are often troublesome and encountered in pentests, according to our experience. Each chapter includes a thorough overview of a problem as well as current best practices, code samples, and implementation guidance. We provide a list of key issues to concentrate on in the process of developing high-risk mobile applications – for example, applications that process financial, private, or personal data – at the end of each chapter.

Get this material on your inbox

get

×

Materiał premium

Aby otrzymać materiały premium uzupełnij formularz. Pliki zostaną wysłane na adres e-mail wskazany w formularzu

Imię *

Stanowisko

Adres email *

premium-agreement *

• Przeczytałem i akceptuję Regulamin i Politykę Prywatności

newsletter-agreement

• Chcę dołączyć do newslettera

Phone

Wyślij

Topics covered in this guide:

• Secure secrets storage on iOS
• Secure networking on iOS
• Implementing secure WebView iOS applications
• Reverse Engineering protections
• Local authorization

Keep in mind that both security mechanisms and attack techniques are constantly evolving, thus both developers as well as security professionals should be always at alert and constantly update their knowledge on current best practices and standards. 

In addition to that, the good and secure SDLC process should include Threat Modelling at the beginning and Penetration Testing at the end. 

We also recommend following us in social media to keep up to date with current security issues..

If you have any comments, a change request, want to provide any feedback, or help with future development of this document, please don’t hesitate to use our contact form.

Wojciech Reguła Principal IT Security Consultant
Head of Mobile Security