Mobile Platform as a Service: Security hardening for iOS apps

Last Updated: Dec 14, 2023

This topic describes how to harden iOS apps using Mobile Security Armor (MSA). Before you start, read the usage notes and complete the operations described in the prerequisites.

Usage notes

Before you harden iOS apps using Mobile PaaS (mPaaS) MSA, read the following usage notes and make sure that your projects meet the requirements. Otherwise, hardening may fail or may be less effective.

  • iOS hardening currently supports X86 and M1 machines. To see your processor, choose About This Mac from the Apple menu in the corner of your screen. If the processor is listed as Intel, your Mac uses the X86 architecture.

  • iOS hardening currently supports Xcode 14.1 and 14.2. Because iOS hardening operates on the compiler and must be adapted to a specific Xcode version, you must use one of these versions. If you need to use a later version of Xcode, contact the mPaaS technical support team.

  • We recommend that you write the code to be hardened in C or C++. iOS hardening has better and more stable support for C and C++. It partially supports Objective-C and does not support Swift.

  • Ensure that the workspace for app projects is set to New Build System. To check, go to Xcode > File > Project Settings > Build System.

  • In theory, hardening can reduce performance and introduce stability risks. We recommend that you harden only the core code that needs protection: extract that code, written in C or C++, into a separate Framework project, and then harden that project.

Prerequisites

  • iOS security hardening depends on the backend system. During a hardened build, the Xcode compiler uploads the intermediate code compiled from the project to the backend system. The backend server hardens the intermediate code and returns it to the compiler, and Xcode merges the returned intermediate code to generate the Framework or ipa.

Procedure

  1. Configure environment files. Create the MSAConfig.json file as shown below and put it in the $HOME directory. To find the $HOME directory, open the command line on the Mac and enter echo $HOME. Replace each field with the real value. The fields are as follows:

    {
        "appId": "application appId",
        "workspaceId": "application workspaceId",
        "tenantId": "application tenantId",
        "accessKeyId": "Ant Cloud account accessKeyId",
        "accessKeySecret": "Ant Cloud account accessKeySecret",
        "license": "blank",
        "domain":"xxx"
    }
  2. Install the hardening tool. 

    1. Download the hardening tool xcodeplugin-x86_64-5.7.2 or xcodeplugin-arm64-5.7.2, unzip it, and go to the directory tools/xcode.

    2. Open the insertdylib file. In the Confirm dialog box, click Open.

    3. Run the following command: 

      sh ./tools/xcode/install.sh

      Note

      After you run the command, the system automatically finds and replaces compilers in the /Applications/Xcode.app/ directory. To restore the replaced compilers, run the sh ./tools/xcode/uninstall.sh command.

  3. Open the Framework or IPA project by using Xcode, and then run the Build/Archive command. Dynamic libraries are not supported for now.

    Important

    The project path name cannot contain space characters or Chinese characters. Otherwise, an error may occur in the compilation process. 

  4. (Optional) After the previous step is complete, check the hardening effects through decompilation by running the following command. If hardening is successful, the command displays output.

    nm ./BinaryPath | grep obfuscator

After hardening, be sure to check that the key components still function normally. If the installation package behaves abnormally after hardening, submit a ticket to contact mPaaS technical support.
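
The following check is an added example, not part of the mPaaS documentation or tooling. It validates the MSAConfig.json file from step 1 before a build: every field from the template is present, no template text is left in place, and the file, which holds accessKeySecret, is not accessible to other users. The function names and the chmod 600 recommendation are assumptions added here; the sample values are constructed.

```python
import json
import os
import stat
import tempfile

# Field names taken from the MSAConfig.json template on this page.
REQUIRED_FIELDS = ("appId", "workspaceId", "tenantId", "accessKeyId",
                   "accessKeySecret", "license", "domain")
# Template text from this page that must be replaced with real values.
TEMPLATE_VALUES = {
    "appId": "application appId", "workspaceId": "application workspaceId",
    "tenantId": "application tenantId", "domain": "xxx",
    "accessKeyId": "Ant Cloud account accessKeyId",
    "accessKeySecret": "Ant Cloud account accessKeySecret",
}

def check_msa_config(path):
    """Return a list of problems found in the MSAConfig.json at `path`."""
    if not os.path.isfile(path):
        return [f"file not found: {path}"]
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other permission bit
        problems.append(f"file mode {mode:04o} exposes the access key; use chmod 600")
    try:
        with open(path, encoding="utf-8") as fh:
            config = json.load(fh)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(config, dict):
        return problems + ["top level must be a JSON object"]
    for field in REQUIRED_FIELDS:
        if field not in config:
            problems.append(f"missing field: {field}")
        elif field in TEMPLATE_VALUES and config[field] == TEMPLATE_VALUES[field]:
            problems.append(f"placeholder not replaced: {field}")
    return problems

def demo():
    """Check a constructed sample file (no real credentials) at two file modes."""
    sample = dict(TEMPLATE_VALUES, appId="EXAMPLE_APP", workspaceId="default",
                  tenantId="EXAMPLE_TENANT", accessKeyId="EXAMPLE_KEY", license="")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "MSAConfig.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        loose = check_msa_config(path)
        os.chmod(path, 0o600)
        return loose, check_msa_config(path)

if __name__ == "__main__":
    print(check_msa_config(os.path.join(os.path.expanduser("~"), "MSAConfig.json")))
```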