What are the best methods for adding extra security to an iOS app, so attackers / hackers cannot easily find protected private keys, constant strings inside the code.
PS: I found some other related questions that partially or partially answered some aspects of this question, so I added a detailed question along with some conclusions below, so everyone can benefit from this topic later.
100% security for any application is not possible, but we can try to make an attacking / hacked iOS application as complex as possible, implementing more security so that the application cannot be easily hacked / cracked.
Below are some data that should be safer.
- All user credentials (username, password, etc.)
- API keys, private keys, tokens, WebService / EndPoints URLs, etc. (constant / hard variables)
- WebService requests, response (network layer)
I already saved all user credentials in KeyChain,
1. Is there any approach for encrypting an .ipa file, so decompiling / reverse engineering the iOS Binary App is getting more difficult?
.
2. How to store any key / token with a constant hard code, even if the application is successfully decompiled / cracked by hacked ones; API constants keys / Tokens must be hard to deliver. (Suppose we have already encoded / encrypted keys, and we decode them each time before use)
Below are some conclusions in my mind at the moment, but I'm not sure which approach is better to achieve or if there is any other standard approach, then kindly advice:
We look forward to any suggestions or recommendations to make the iOS application more secure.
source share