Security issues applications not encrypted.

Hello all,

I apologize if it's not in the right section.

I'm working on a little app, mostly a CRUD and three HTTP requests. We will use MDM software to deploy the application (not the App Store). There are no pods, packages, or specific frameworks; it's only basic Swift code.

Unfortunately, I must do a pentest to push my app into production. The security engineer said he would use the mobile security framework tools.

So I tried it myself beforehand to be sure that we would succeed. After using the static analyzer, I discovered several issues.

The first issue is:

The binary may use _malloc function instead of calloc.

And I don't know how to prevent that since it is low level, and I don't have access to that.

My second issue is a warning:

This binary is not encrypted.

Honestly, I don't know how to fix that since it seems impossible to encrypt the codebase. Or maybe I'm wrong?

Thanks to everyone who will take the time to read and try to help.

Regards

Replies

> And I don't know how to prevent that since it is low level, and I don't have access to that.

I recommend that you discuss this with your security folks because, as you say, this is not under your control.

> I don't know how to fix that since it seems impossible to encrypt the codebase.

I believe this is talking about the binary, not the code. When you upload an app to the App Store, the App Store re-signs it for deployment to user devices. As part of this it applies FairPlay encryption. There is no supported way for apps distributed via other means, such as in-house apps, to opt in to this feature.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
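
Added example, not part of the original thread and not any scanner's own code: a Mach-O executable records its encryption state in the `cryptid` field of the `LC_ENCRYPTION_INFO_64` load command, and this sketch reads that field so you can see what the "binary is not encrypted" warning is looking at. It assumes the warning reflects `cryptid` and handles only thin 64-bit little-endian files; `encryption_info`, `describe` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF            # thin 64-bit little-endian Mach-O
LC_UUID = 0x1B
LC_ENCRYPTION_INFO_64 = 0x2C


def encryption_info(macho: bytes):
    """Return (cryptoff, cryptsize, cryptid), or None if the command is absent."""
    if len(macho) < 32:
        raise ValueError("too short for a mach_header_64")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", macho, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    offset, end = 32, 32 + sizeofcmds
    if end > len(macho):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", macho, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_ENCRYPTION_INFO_64:
            if cmdsize < 24:
                raise ValueError("short encryption_info_command_64")
            return struct.unpack_from("<3I", macho, offset + 8)
        offset += cmdsize
    return None


def describe(macho: bytes) -> str:
    info = encryption_info(macho)
    if info is None:
        return "no encryption load command"
    return "encrypted" if info[2] != 0 else "not encrypted (cryptid 0)"


def build_sample(cryptid: int) -> bytes:
    """Constructed header-only sample: LC_UUID followed by LC_ENCRYPTION_INFO_64."""
    lc_uuid = struct.pack("<2I16s", LC_UUID, 24, bytes(16))
    lc_enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    cmds = lc_uuid + lc_enc
    # cputype 0x0100000C = arm64, filetype 2 = MH_EXECUTE, two load commands
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(cmds), 0, 0) + cmds


if __name__ == "__main__":
    for cid in (0, 1):
        print(cid, describe(build_sample(cid)))
```

To try it on a real build, pass the bytes of the thin arm64 executable inside the `.app` bundle to `describe`.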