How easy can it be for people to see the code / inner working mechanics of a published iOS app?
E.g if there was a certain algorithm or function/class, how easily could people be able to read that?
If it’s possible, is there any way to camouflage or encrypt it so the code can’t be read?
Cheers
A certain algorithm or function/class is not going to be visible to anyone just from having access to a published app. The apps executable has been compiled and optimised so the original source does not even exist inside it. The executables are also encrypted and while can be decrypted if you jail brake a device even then you won't get much info.
While a lot of information about how an app works can be deduced by examining how it works individual algorithms is not something to worry about.
Plus what makes you think anyone is even going to bother trying for your app.
EDIT
As there was some confusion here is a link which talks about the binaries being encrypted when producing universal and thinned ipa files:
https://developer.apple.com/library/content/qa/qa1795/_index.html#//apple_ref/doc/uid/DTS40014195-CH1-APP_STORE_CONSIDERATIONS
Related
I am designing an iOS app UI with a freelancer UI designer and was referring back an forth to an app that I like as an inspiration for my app design.
I asked my designer to design something similar to that app we are looking at, then my designer told me that the way to do this is by coding and not design and he claimed that he hacked the app and is looking at its code !
Is it really possible to simply jailbreak and app and look at its code ? If so then is it at risk that someone would simply copy the code and re skin the app and put it up on app store ?
Code gets uploaded to the app store as a binary so there's never any source code up there to begin with. I guess its possible that your designer is reading the binary somehow but that would be pretty unlikely.
Edit:
It turns out it is possible to load the app into gnu debugger and view assembly. Or to decrypt the app and use class-dump to get the headers. However the original implementation code is gone.
from one of the stackexchange questions Here,its proved that we can decompile the iphone application to its source,Now here comes the question how can we protect the ipa file/iphone application from cracking to its source?i have already verified this answers
here 1
method 2
but sad thing is it fails to protect the code,any updates to prevent app to source code
You can't really.
The iOS runtime on the device needs to be able to interpret the binary, so the binary has to be there, unencrypted and ready to run.
You could obfuscate it, by running it through a tool that scrambles method names, property names and so on. .NET and Java have tools that do this but I'm not aware of any for Objective-C, so I think you're on your own.
(Tools like anticrack, the one you linked to, will work for a short time until someone comes up with a way to reverse what anticrack does - but because your app eventually has to be there in a format the runtime is ready to run, all you can do is make it more difficult. It's like the age-old arms race of pirates vs protection mechanism in desktop applications).
This has been much discussed. Generally, you make more money spending time improving or promoting your app, then spending time trying to prevent it from being cracked in any way.
Is it possible to make app not launchable if it has been cracked and installed from installous? I don't want to see my app in installous
It's not that easy and it not answerable within some words or code snippets.
But you might check this:
http://www.shmoopi.net/ios-anti-piracy/iphone-piracy-protection-code-tutorial-2/
http://www.cocos2d-iphone.org/forum/topic/7667
http://thwart-ipa-cracks.blogspot.com/2008/11/detection.html
The read also here:
http://www.learn-cocos2d.com/2010/05/ignore-everything-youve-heard-about-app-store-piracy/
There are ways to detect whether your app is running on a jailbreaked device or whether your app has been modified (aka cracked). Take a look here and here for example.
From my point of view all you are getting by using these methods is a waste of time. Maybe you can make it harder for potential crackers and keep away the script kiddies. But you won't get that far that no talented cracker on earth would be unable to crack your app. Even one single cracker on earth who's able and motivated to crack your app is enough to upload it to hundred's of sites.
If really big companies fail at protecting their apps I really doubt that you will achieve it... so: wasted time which should be better spend on improving your app.
Probably not, because the part of cracking your application is to remove all restrictions (registration, detection of jailbreak, ...).
I was halfway through developing an iOS app but have sadly lost the development files (it's a long story). I have the latest version still on my iPhone. Is there some way of recovering it or even just part of it for use in Xcode?
Thanks.
In theory you can decompile the binary, which should be backed up in your iTunes backup. It is not a simple process, and if you encrypted the binary you should maybe just give up. The result of the decompilation will be nothing like what you started with -- rather it will be a bunch of cryptic C functions that don't necessarily make sense but which will compile back to your app. You might get something usable. Assuming that you actually are able to decompile and rebuild your app, the challenge you will face is in the future -- maintaining/updating cryptic code.
So my advice is to check the possibility of local backups/checkins (as per other answers here). You might try undeleting the files from your hard drive (DON'T save any more files to your disk, just download undelete software and try it). Short of those things, you can take to heart the advice of my Comp Sci 101 professor. I quote:
Don't fret - it's always easier the second time around.
Good luck.
If you have Time machine enabled on your mac you may want to look in there. But other than that I don't think so.
We are writing a corporate app which will run on a small number of in-house iPads. There will be a need to provide a number of (structurally identical) 'setups' on each iPad, and those setups will contain confidential data. My question is, what's the best way of getting those setups securely onto a device (into the app's private storage).
So far we've considered:
Download from web. This is problematical because we'd have to do quite a lot of work to make this secure.
QR codes. Render the setup as a QR code. We can generate and scan QR codes which represent the setups (they are quite small), but it looks like the available QR code APIs are either quite expensive or a little complex.
iTunes downloads. This is being looked at but I'm not sure what the security implications are.
Have we missed something simpler?
Edit: Just to clarify, a setup takes the form of a small file. It could be XML or JSON or even plain text: it just needs to encode about ten variable names and their values.
It's not clear what you mean by "iTunes downloads". If this isn't referring to iTunes File Sharing, then you should look into that. The user can add files onto the device for particular apps through iTunes.
It's also not clear what you mean by "secure" - this has very different meanings to different people. Sticking an SSL cert onto a server and providing HTTP auth is simple enough. What kind of security beyond that are you looking for?
If QR codes are acceptable, I suggest you look at zxing library. The code contains an iOS example project that you could base your implementation on.
There are some useful web resources to help with implementation: http://yannickloriot.com/2011/04/how-to-install-zxing-in-xcode-4/