I am trying to build an iOS application which has a PDF file emdebbed in it, and I don’t want the user to access or find it by unpacking the IPA file. I found that if I UNCHECK the “Add to Target” check box (when I drag and drop the PDF file into my project), the PDF file will be hidden and no one can see it after showing the IPA contents.
My question is, should I be worry from this case, in another word, if I unchecked this option, will I face any issue in publishing my application or in deploying/supporting any of my targeted devices, or should I be worry from any issue may face the users in reading this PDF through my application?
I did some research regarding this point, but I couldn’t find any good or clear answer, I appreciate any help in this.
If you uncheck the "Add to target" button it means that the .pdf file will not be packed to the .ipa file and it will not be accessible at all when someone downloads your app. So this is definitely not an option for what you want to achieve. It is better to encrypt the pdf file and decrypt it on runtime if you dont want it to be accessed when someone unpacks the .ipa file.
How important is your security? You could just zip it, then name the file something other than "*.zip".
However that would not stop someone who was determined. You would be advised then to use real encryption.
But even that would not stop a truly-determined attacker, who might use a jailbroken device to capture your PDF while it was loaded in your program's memory.
You can make it difficult to get at your PDF, but if you can get at it from your App, then I myself could get at it if I downloaded your app to my device.
Related
I want to see the code of an iOS app.
The app I downloaded is .deb.
First question: Is it possible to install .deb file on iOS or I downloaded a wrong file?
After unpacking the .deb file, I got some files, including .nib, .storyboard and some other files.
My main question is, How to decompile these .nib files?
I tried to decompile these files using NibToXibConverter, but I didn't succeed.
Answer to your first question:
I think you downloaded the wrong file. .deb files for iOS are common for jailbreak community and not for apps, I think all of the Cydia stuffs are packed into .deb's. If your app is especially made for the jailbreak scene then you may try to install it using Cydia's auto install feature on a jailbroken device.
Answer to your main question:
This is general info about decompiling and modifying iOS apps (not specific for nibs, but you may still find it useful).
iOS apps are distibuted in .ipa archives, which are ordinary zip archives. They contain, usually one executable in the form of Mach-O file, and resources like .plist, sounds, images - every resource you include in your xcode project. Decompiling the executable file is only possible on jailbroken iDevice, because it is encrypted especially for the current device and the magic key to decrypt the binary is burned inside the device CPU and as far as I know there is no software way to read that key. The encryption system here is called FairPlay.
Briefly described, one way to decrypt that binary is to have the app installed on a jailbroken device, and launch it from command line using a debugger (gdb) which you can download from Cydia. You have to set a breakpoint somewhere, and when your code execution pauses at the breakpoint, you are doing a memory dump of the device ram - and that is your decrypted bin.
So when you have the decrypted binary, you can run one tool called "class-dump", and get the information for declared classes and their methods if the app is written in Objective C. Once you know this information you can alter the implementation of given method from some class used in your app using "Cydia Subtstrate" a.k.a "Mobile Substrate". In fact that is the way all of the jailbroken iOS tweaks are made. Basically you are hooking a method call, and when that method get invoked, it uses your implementation. Furthermore your implementation can call the original implementation, and that is really useful if you want to make some small code addition.
I am not sure whether those things possible in Swift, but if you are dealing with a Hybrid app like the ones done with cordova, phonegap, etc., then you can see all of its javascript source because it is persisted as a resource inside the "ipa" file. In addition you can alter that javascript code directly if you have a jailbroken device and find where the app is installed on file system (usually /var/containers/Bundle/Application/uuid_for_your_app/). However, I think there is no way to get that patched version and redistribute it (correct me if I'm wrong).
My Issue
Supported by the Xamarin guidance here http://developer.xamarin.com/guides/ios/deployment,_testing,_and_metrics/app_distribution_overview/publishing_to_the_app_store/ I used the App Loader tool (recently downloaded version 3) and uploaded my .ipa file. Everything indicates success but after a few minutes, it moves from “uploaded” to “invalid binary”
I have checked stackoverflow and done a few suggestions ive double-checked all my image files and the build for 64 bit etc. Any help you can provide is appreciated.
Well since I dont have a 10 reputation I cannot post pics and i can only do one link, so I am going to upload this to my blog, I appreciate any help i can get please.
See complete issue explained here - http://www.fabiangwilliams.com/2015/03/13/troubleshooting-itunesconnect-invalid-binary-with-xamarin-project/
I've hit this issue twice, including a few days ago. In both cases the cause was that I included a bundle resource file (of my own proprietary format and definition) with the *.app extension. For some reason, Apple's validation choked on this. The hint was that the auto-generated email sent by iTunes Connect said something about requiring the zip extension. Red herring error message, but it jogged my memory that *.app is a "special" extension I can't use for my own stuff.
Just to be clear, this *.app file that caused an issue was buried inside my overall *.ipa file and its *.app directory. So you still need the standard format, you just need to be careful not to use Apple's extensions for your own proprietary data.
How easy is it to open up an app submitted to Apple's store?
I'm going to submit a new app to the store soon, and want to protect the app file from being opened up to the source-code. So for instance, if I were to download my own app, how easy would it be to pull out all the .h and .m files and recreate it in Xcode?
Does Apple encrypt it somehow?
What steps can I take to mitigate the code being viewed?
EDIT: Allow me to rephrase the question a little better - can I take decompiled code and make it human-readable?
An IPA is just a zip. But you don't even need to access the IPA.
Just get iExplorer and access all available assets of your installed apps from your Mac.
The m files however build a compiled binary and can not be read (if you consider de-compiled code as not readable, as I do)
Adding on the answer, it is possible to decompile the binary, but the only thing that would be directly removable from the binary itself would be the headers (or to my knowledge of what I've seen). Then the application would be reverse engineered from there. That would probably be the only thing I'd be worried about when it comes to people stealing my code.
I have an IPA that I want to distribute to users. The IPA includes some user data that should be moved to the documents directory on the first install.
My problem is that I can copy the files from the resources directory but not delete it, meaning that the data will be twice on the device.
Is there a possibility to include data into an IPA that is put into the documents folder on install? Or is there any folder I can add to an IPA that I can access with write permissions without having the device jailbroken?
I have taken a look at the documentation but could not find anything about that topic.
You can't do that.
I believe you are overthinking it. If the amount of data is small than there won't be any problem with it being twice on the device.
If the amount of data is big, you should put it on a server and download it after installation.
No, this is not possible. All data with in the application bundle is readonly and can therefor not be modified.
Is there anyway to programmatically get a list of iOS apps from iTunes?
AppleScript does not seem able to do this.
The only way I can think of is looking in the 'iTunes Media/Mobile Applications' folder. But this way a lose all metadata.
Any suggestions to get list of iOS apps including the metadata?
Thanks
I now actually went with the solution to scan the 'Mobile Applications' folder.
In order to get the metadata I had to do the following:
the *.ipa are simply archives
unzip/extract the 'iTunesMetadata.plist' inside
parse the plist
voila you got all metadata
This whole process is actually pretty straightforward in python as your already have both zipfile and plistlib.
One thing to lookout for though is that plistlib in python can not handle the new binary plist files. So you first have to convert them to their corresponding xml format. (only some *.ipa seem to be in binary form).
This can be done quite easily with the following line of code:
os.system("/usr/bin/plutil -convert xml1 %s" % file_name )
Now the only thing I still have to figure out is how to get the currently installed apps on the device...