All geek questions in one place

Security Design for iOS App

I'm having trouble deciding the best approach for the following scenario.

  • My POST app for my web service.
  • The POST URL includes several parameters, including device information + shared secret
  • The device is stored in my IF database , the shared secret is correct

Currently, this shared secret is hard-coded in the application, and the connection to my web service is via SSL.

This clearly deprives people of the opportunity to learn a common secret and abuse my web service.

However, this approach is not as secure as we would like, due to the possibility of decoding my application, etc. and secrecy.

Is there a better way to do this than a general approach?

+4
source share
1 answer

With local keys, almost any security approach can somehow be leaked by someone. Of course, this means that it does not mean that we do not need to make any efforts at all. If users download your application, you may be able to continue researching the code for reengineering and refactoring.

However, if there is no other way than putting the secret key in the application binary, you are left with an alternative ( weaker ), which is often called security through obscurity .

, , , , :

  • , .
  • ,

, UAObfuscatedString, .

, - not hardcode a secret key within your apps binary, - "" , , . ...

+1

Source: https://habr.com/ru/post/1545883/

More articles:


All Articles