Much has been written regarding iOS’s security model, jailbreaking, finding code execution vulnerabilities in the base OS, and other security-related characteristics. Other work has focused on examining iOS from a forensic perspective, including how to extract data from physical devices or backups as part of criminal investigations. That information is all useful, but this book aims to fill the biggest gaps in the iOS literature: applications.
Little public attention has been given to actually writing secure applications for iOS or to performing security evaluations of iOS applications. As a consequence, embarrassing security flaws in iOS applications have allowed for exposure of sensitive data, circumvention of authentication mechanisms, and abuse of user privacy (both intentional and accidental). People are using iOS applications for more and more crucial tasks and entrusting them with a lot of sensitive information, and iOS application security needs to mature in response.
As such, my goal is for this book to be as close as possible to the canonical work on the secure development of iOS applications in particular. iOS is a rapidly moving target, of course, but I’ve tried to make things as accurate as possible and give you the tools to inspect and adapt to future API changes.