Encryption of contents in compiled iOS app ( IPA )
As IPA structure is just a zipped file containing compiled codes & media contents like images & audio, how can I protect the contents from being extracted and stolen by others? Is there any encryption I can add into the IPA?
- PHP iOS AES Encryption
- MD5 algorithm in Objective C
- CCCrypt difference between iOS5 and iOS6
- RSA Encryption using openssl, variable length for encrypted text with PKCS1 Padding
- How can I do this same encrypt/decrypt PHP function on iOS with Objective-C?
- 3DES encryption in iOS does not seem to encrypt last block
Solutions Collect From Internet About “Encryption of contents in compiled iOS app ( IPA )”
This answer mentions that the application is already encrypted by the time it gets onto your users’ devices: Does Apple modify iOS application executables on apps submitted to the App Store?
Sorry, that’s only the application binary. The other media are not encrypted, and no, there’s no way to encrypt the .ipa. You could try encrypting your images and other media on your system, providing a bunch of application code to decrypt those resources when the app runs, and then your decryption code will become a part of the encrypted application binary. You can’t submit an encrypted IPA though, it needs to be the file directly output from Xcode.
In response to your comment, the one I’ve used is CommonCrypto. You need to
#import <CommonCrypto/CommonCryptor.h>, and the implementation I used as my starting point was this category on NSMutableData.
Simple usage example of the above category:
NSMutableData *imageData = [NSMutableData dataWithContentsOfFile:pathToEncryptedFile]; [imageData decryptWithKey:@"SuperSecretDecryptionKey"]; UIImage *decryptedImage = [UIImage imageWithData:imageData];
IMPORTANT NOTE HERE: IF someone was to run the
strings utility on your
.app on a jailbroken iphone, or even on an iPhone they have filesystem access to via USB, they will get a list of all strings declared in your app. This includes “SuperSecretDecryptionKey”. So you may want to use an integer, floating-point or other constant to do on-the-fly generation of a string decryption key, or make sure that the string you use to decrypt things is exactly the same as a normal system string so no-one suspects it as the true key. Security through obscurity, in this case, is advantageous.
Update: You should check out
AQToolkit for this kind of thing, it’s quite comprehensive.
*.strings files, you should encrypt the key and value strings in some manner (maybe one which give you hexadecimal back, or any alphanumeric characters), and when you want to access a given value, say
LicenceNumber, do this:
NSMutableData *keyToRequest = [@"LicenceNumber" dataUsingEncoding:NSUTF8StringEncoding]; [keyToRequest encryptWithKey:@"SuperSecretEncryptionKey"]; NSMutableData *valueToRequest = [[NSBundle mainBundle] localizedStringForKey:[NSString stringWithUTF8String:[keyToRequest bytes]] value:@"No licence" table:@"EncryptedStringsFile"]; [valueToRequest decryptWithKey:@"SuperSecretDecryptionKey"];
- iOS CAKeyFrameAnimation Scaling Flickers at animation end
- How to write a simple Ping method in Cocoa/Objective-C
- Use NSNotificationCenter selector for one observer in multiple view controllers
- How to use Superpowered lib in Swift project
- Assign value to optional dictionary in Swift
- UITableViewCell needs reloadData() to resize to correct height
- Realm accessed from incorrect thread
- Can ipa file be created in debug mode?
- This App Is Incompatible With This iPod touch
- Versioning objects in firebase
- Swift: error: use of instance member on type
- Creating manual segue correctly through storyboard and xcode
- How to make protocol associated type require protocol inheritance and not protocol adoption
- UINavigationController popViewControllerAnimated: crash in iOS 6
- NSArray of united Arrays