All Products
Search
Document Center

Mobile Platform as a Service:Security hardening for iOS apps

Last Updated:May 15, 2024

This topic describes how to harden iOS apps using Mobile Security Armor (MSA). Before you harden iOS apps using MSA, you need to read the usage notes and complete the operations described in the prerequisites. 

Usage notes

Before you harden iOS apps using Mobile PaaS (mPaaS) MSA, you need to read the following usage notes and ensure that your projects meet related requirements. Otherwise, you may fail to harden apps, or the effects of hardening apps may be affected. 

  • It is recommended that the relevant code to be hardened is written in C or C++. iOS hardening has better and more stable support for C and C++. In addition, it partially supports Objective-C and does not support Swift.

  • Hardening will bring performance losses and increase theoretical stability risks. It is recommended to only harden the core code that needs to be protected, and extract the C and C++ code that needs to be protected into a separate Framework, and then harden it.

  • Currently supports X86/M1 machines. You can select About This Mac from the Apple menu in the corner of the screen to view overview information about your Mac, including processor information. If it shows Intel processor, it means your Mac is an X86 architecture.

  • Currently supports Xcode 14.1/14.2/15.0.1. Since iOS hardening processes the compiler and requires adaptation of specific Xcode, you need to use a specific version of Xcode when using iOS hardening.

    Important

    Starting April 29, 2024, apps uploaded to App Store Connect must be built using Xcode 15 for iOS 17, iPadOS 17, Apple tvOS 17, or watchOS 10.

  • Please make sure that the App project's workspace is set to New Build System. The check path is Xcode > File > Project Settings > Build System.

Procedure

  1. Configure environment files. Generate the MSAConfig.json file according to the following method, and put it in the $HOME directory. Open the command line on the Mac machine and enter echo $HOME to get the $HOME directory. When using it, replace it with the real value. The fields are as follows:

    {
        "appId": "application appId",
        "workspaceId": "application workspaceId",
        "tenantId": "application tenantId",
        "accessKeyId": "Ant Cloud account accessKeyId",
        "accessKeySecret": "Ant Cloud account accessKeySecret",
        "license": "blank",
        "domain":"xxx"
    }
    Note
  2. Install the hardening tool. 

    1. Download the hardening tool, unzip it and go to the directory toolsxcode.

      Note

      image..png

    2. Open the insertdylib file. In the Confirm dialog box, click Open.

      image

    3. Run the following command: 

      sh ./tools/xcode/install.sh
      Note

      After you run the command, the system automatically finds and replaces compilers in the /Applications/Xcode.app/directory. If you need to restore replaced compilers, you can run the sh ./tools/xcode/uninstall.sh command. 

  3. Open the Framework or IPA project by using Xcode, and then run the Build/Archive command. A dynamic library is not supported for now. 

    Important

    The project path name cannot contain space characters or Chinese characters. Otherwise, an error may occur in the compilation process. 

  4. (Optional) After the above step is complete, check the hardening effects through decompilation. You can check the hardening effects by running the following command. If hardening is successful, the output result will be displayed. 

    nm ./BinaryPath | grep obfuscator

Next steps

After hardening, please be sure to check whether the functions of the key components are normal. If the function of the installation package is abnormal after hardening, Please submit a ticket to contact mPaaS technical support.