Menu

iOS

DexProtector for iOS

Overview

DexProtector secures iOS applications and Frameworks against static and dynamic analysis, tampering, reverse engineering, and Man-in-the-Middle attacks.

As the final stage of the build process, DexProtector works on compiled packages of any size (in .IPA, .xcarchive, .Framework, and .xcframework format), applying its protection mechanisms at the bitcode level to secure both native and cross-platform apps.


Key features of DexProtector for iOS:

Code Protection

  • String Encryption
  • Bitcode Obfuscation
  • Hide Access to Method Calls and Fields

Content Protection

  • Assets encryption
  • HTML, JS, & CSS code encryption
  • Cryptographic material encryption

Integrity Control

  • Certificate Checks
  • Code Integrity Checks
  • Content Integrity Checks

Network Security

  • Public Key Pinning
  • Certificate Transparency

Runtime Application Self-Protection (RASP)

  • Anti-debug mechanisms
  • UI protection mechanisms
  • Runtime checks (detection and reporting of rooted devices; emulators; debuggers; hooking; tampering; and more)

Protection Recommendations

We recommend making use of all of the security features provided, as each element of protection adds more security and more resistance against malware, reverse engineering, tampering, and Man-in-the-Middle attacks.

We also recommend DexProtecting .xcarchive files in particular, rather than IPAs or frameworks, since they provide a more stable and comprehensive basis for protection.

Bitcode must be enabled for the DexProtector process itself, but DexProtector can strip all bitcode in the course of protection, meaning that there is no security risk involved.

To prepare your package for protection, therefore, follow these steps:

  1. Make sure you are using both the latest version of DexProtector and the latest version of Xcode, in order to ensure mutual compatibility.
  2. Enable bitcode for your app: 
    • Select the project and go to the “Build Settings” tab
    • Under “Build Options”, switch Enable Bitcode to “YES
    • Under “Apple LLVM 9.0 - Custom Compiler Flags”, “Other C Flags”, add -fembed-bitcode to both Debug and Release
    • Click the “+” button and select “Add User-Defined Setting
    • Enter BITCODE_GENERATION_MODE as the name
    • Set BITCODE_GENERATION_MODE to bitcode
  3. Build the app
  4. Navigate to Xcode Organizer (Xcode -> Window -> Organizer), select the corresponding build archive, right-click, Show in Finder. Copy the archive to a folder of your choice. This is the file that will be passed as the input for DexProtection.
  5. Prepare your DexProtector configuration file by either editing the XML file directly or via DexProtector Studio
  6. Run protection either via DexProtector Studio or via the CLI
  7. In Xcode, navigate to Organizer, click File -> Open, find the protected .xcarchive. You can distribute the protected app as usual. All distribution methods are supported (Ad Hoc, Enterprise, AppStore).

Note: To DexProtect an iOS application or SDK, a DexProtector Enterprise license is required. For more information, see our feature comparison for DexProtector Standard and DexProtector Enterprise.