Encryption of contents in compiled iOS app ( IPA )

Solutions Collect From Internet About “Encryption of contents in compiled iOS app ( IPA )”

This answer mentions that the application is already encrypted by the time it gets onto your users’ devices: Does Apple modify iOS application executables on apps submitted to the App Store?

Sorry, that’s only the application binary. The other media are not encrypted, and no, there’s no way to encrypt the .ipa. You could try encrypting your images and other media on your system, providing a bunch of application code to decrypt those resources when the app runs, and then your decryption code will become a part of the encrypted application binary. You can’t submit an encrypted IPA though, it needs to be the file directly output from Xcode.

In response to your comment, the one I’ve used is CommonCrypto. You need to #import <CommonCrypto/CommonCryptor.h>, and the implementation I used as my starting point was this category on NSMutableData.

Simple usage example of the above category:

NSMutableData *imageData = [NSMutableData dataWithContentsOfFile:pathToEncryptedFile];
[imageData decryptWithKey:@"SuperSecretDecryptionKey"];
UIImage *decryptedImage = [UIImage imageWithData:imageData];

IMPORTANT NOTE HERE: IF someone was to run the strings utility on your .app on a jailbroken iphone, or even on an iPhone they have filesystem access to via USB, they will get a list of all strings declared in your app. This includes “SuperSecretDecryptionKey”. So you may want to use an integer, floating-point or other constant to do on-the-fly generation of a string decryption key, or make sure that the string you use to decrypt things is exactly the same as a normal system string so no-one suspects it as the true key. Security through obscurity, in this case, is advantageous.

Update: You should check out AQToolkit for this kind of thing, it’s quite comprehensive.

To encrypt/decrypt *.strings files, you should encrypt the key and value strings in some manner (maybe one which give you hexadecimal back, or any alphanumeric characters), and when you want to access a given value, say LicenceNumber, do this:

NSMutableData *keyToRequest = [@"LicenceNumber"
                               dataUsingEncoding:NSUTF8StringEncoding];
[keyToRequest encryptWithKey:@"SuperSecretEncryptionKey"];
NSMutableData *valueToRequest = [[NSBundle mainBundle]
                                 localizedStringForKey:[NSString
                                  stringWithUTF8String:[keyToRequest bytes]]
                                 value:@"No licence"
                                 table:@"EncryptedStringsFile"];
[valueToRequest decryptWithKey:@"SuperSecretDecryptionKey"];