Application package protection - a signed package *may* be subject to change

Perhaps you all know that the .app package is easily readable with tools like iExplorer (for those who thought that only iTunes File Sharing allows you to access data on iPhone). You may also have read the iOS programming guide, the section “Installing application-specific data files as a first run”. Related paragraphs:

"... Since iOS applications are code-based, modifying the files inside your package invalidates the signature of your application and prevents your application from starting in the future ..."

This is a gentle lie, at least to some extent.

I tried to modify several files in independent third-party free applications purchased from the AppStore, and successfully changed the contents of several files. Voilà, the application starts without any problems. The fact is that I used iExplorer, mentioned above, without cracking, hacking, or jailbreaking. Just a device with development support and published, viewed applications.

What should I do?

1 answer

Code signing is only verified when the application is installed on the device via iTunes, Xcode, iPhone setup utility, etc. Thus, the wording of the programming guide is a little misleading.

This probably comes down to performance - there are very large applications out there, and checking the checksum of all application resources every time it starts takes too much time.

And the point of code signing is not really to prevent unauthorized access, but to detect fraud. Or rather, it's just a way of saying that you created this particular binary with these specific resources. An attacker can completely remove the code signature if he wants.

Thus, there will always be ways to change application resources or even code using debugging, etc. You cannot really protect against this.

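The following Python check is an added example, not code from the answer or from Apple: it re-hashes a bundle's files against the SHA-256 values recorded in `_CodeSignature/CodeResources`, the comparison the answer says is not repeated at every launch. It assumes the manifest's `files2`/`hash2` layout; the `Sample.app` bundle, its file names and the function names are constructed for the demonstration.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

MANIFEST = "_CodeSignature/CodeResources"

def audit_bundle(bundle):
    """Return {relative_path: 'modified' | 'missing'} for files sealed in the manifest."""
    bundle = Path(bundle)
    with open(bundle / MANIFEST, "rb") as fh:
        sealed = plistlib.load(fh).get("files2", {})
    findings = {}
    for rel, entry in sealed.items():
        # Only plain files sealed with a SHA-256 digest are handled here;
        # nested code and symlink entries carry other keys and are skipped.
        if not isinstance(entry, dict) or "hash2" not in entry:
            continue
        target = bundle / rel
        if not target.is_file():
            if not entry.get("optional"):
                findings[rel] = "missing"
        elif hashlib.sha256(target.read_bytes()).digest() != entry["hash2"]:
            findings[rel] = "modified"
    return findings

def build_sample_bundle(root):
    """Constructed fixture: a tiny fake .app whose manifest matches its files."""
    app = Path(root) / "Sample.app"
    files = {"config.json": b'{"greeting": "hello"}',
             "en.lproj/Main.strings": b'"title" = "Hi";'}
    for rel, data in files.items():
        (app / rel).parent.mkdir(parents=True, exist_ok=True)
        (app / rel).write_bytes(data)
    sealed = {rel: {"hash2": hashlib.sha256(data).digest()} for rel, data in files.items()}
    (app / "_CodeSignature").mkdir()
    with open(app / MANIFEST, "wb") as fh:
        plistlib.dump({"files2": sealed}, fh)
    return app

def demo():
    """Audit the fixture before and after changing one file and deleting another."""
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample_bundle(tmp)
        clean = audit_bundle(app)
        (app / "config.json").write_bytes(b'{"greeting": "changed"}')
        (app / "en.lproj/Main.strings").unlink()
        return clean, audit_bundle(app)

if __name__ == "__main__":
    print(demo())
```

The check compares files against the manifest only; it does not validate the signature that seals the manifest, so it detects edited resources but not a rewritten manifest.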

Source: https://habr.com/ru/post/909190/
