What do you think?
Rate this book
iOS Application Security: The Definitive Guide for Hackers and Developers
Eliminating security holes in iOS apps is critical for any developer who wants to protect their users from the bad guys. In iOS Application Security, mobile security expert David Thiel reveals common iOS coding mistakes that create serious security problems and shows you how to find and fix them.
After a crash course on iOS application structure and Objective-C design patterns, you’ll move on to spotting bad code and plugging the holes. You’ll learn about:
–The iOS security model and the limits of its built-in protections
–The myriad ways sensitive data can leak into places it shouldn’t, such as through the pasteboard
–How to implement encryption with the Keychain, the Data Protection API, and CommonCrypto
–Legacy flaws from C that still cause problems in modern iOS applications
–Privacy issues related to gathering user data and how to mitigate potential pitfalls
Don’t let your app’s security leak become another headline. Whether you’re looking to bolster your app’s defenses or hunting bugs in other people’s code, iOS Application Security will help you get the job done well.
After a crash course on iOS application structure and Objective-C design patterns, you’ll move on to spotting bad code and plugging the holes. You’ll learn about:
–The iOS security model and the limits of its built-in protections
–The myriad ways sensitive data can leak into places it shouldn’t, such as through the pasteboard
–How to implement encryption with the Keychain, the Data Protection API, and CommonCrypto
–Legacy flaws from C that still cause problems in modern iOS applications
–Privacy issues related to gathering user data and how to mitigate potential pitfalls
Don’t let your app’s security leak become another headline. Whether you’re looking to bolster your app’s defenses or hunting bugs in other people’s code, iOS Application Security will help you get the job done well.
297 pages, Kindle Edition
First published October 25, 2014
12 people are currently reading
132 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 7 of 7 reviews
June 12, 2024
This book is well-conceived and in 2016, when it was published, it was certainly a very good introduction to iOS security. However, Apple's ecosystem develops so rapidly that a some of what is taught in this book is deprecated, and other more modern developments are missing.
The book begins by giving a brief overview of some security relevant structures of iOS and an Objective-C crash course, and then moves on to setting up the software for a security testing lab. This stuff is still relevant, though Frida, nowadays one of the most popular reverse engineering tools, is notably missing here.
The next part discusses areas of iOS in which security issues can arise, such as networking, interprocess communication and web based apps. This is the part where time has been most unkind to the book. In a modern version of this book, a discussion of security issues for cross-platform apps (React Native, Flutter, Ionic...) should be included, which in 2016 was probably not foreseeable. There are a few smaller mistakes in this sections, such as inconsistent use of variables or in Chapter 10 some passages even blatantly contradict each other (I suppose the author corrected some parts of the text here and forgot to delete the first version later).
The last part gives some advice on how to use the Common Crypto package for cryptography (which is still available, though not Apple's first choice anymore) and how to manage data privacy.
Overall, the book is still worth reading, since what is in it is still valid, but one has to be aware that it gives a very incomplete view of iOS security.
The book begins by giving a brief overview of some security relevant structures of iOS and an Objective-C crash course, and then moves on to setting up the software for a security testing lab. This stuff is still relevant, though Frida, nowadays one of the most popular reverse engineering tools, is notably missing here.
The next part discusses areas of iOS in which security issues can arise, such as networking, interprocess communication and web based apps. This is the part where time has been most unkind to the book. In a modern version of this book, a discussion of security issues for cross-platform apps (React Native, Flutter, Ionic...) should be included, which in 2016 was probably not foreseeable. There are a few smaller mistakes in this sections, such as inconsistent use of variables or in Chapter 10 some passages even blatantly contradict each other (I suppose the author corrected some parts of the text here and forgot to delete the first version later).
The last part gives some advice on how to use the Common Crypto package for cryptography (which is still available, though not Apple's first choice anymore) and how to manage data privacy.
Overall, the book is still worth reading, since what is in it is still valid, but one has to be aware that it gives a very incomplete view of iOS security.
December 14, 2021
I can't give this five stars because it doesn't give the foundation someone would need to truly dive into the iOS mobile app security realm. I can't totally fault the book because the technology and security realm of mobile development is ever changing, however Thiel could have done more to dive deeper.
May 8, 2017
Interesting read. This book gives you a high-level overview how to prevent your app from being easily hacked. There is no in-depth discussion of the security mechanism inside the OS. Easy and quick read, recommend for non-security professionals who are working on iOS apps.
December 21, 2017
Excellent primer on the iOS application security landscape.
October 6, 2020
Helped immensely to jumpstart on building app vulnerability scanner at work. Must-read before tinkering with frida.
September 14, 2021
I liked this book, as has given me a subtle introduction to iOS ecosystem with a focus on security and pentesting.
March 27, 2016
The title is accurate!
Displaying 1 - 7 of 7 reviews