Encryption of contents in compiled iOS app ( IPA )
As IPA structure is just a zipped file containing compiled codes & media contents like images & audio, how can I protect the contents from being extracted and stolen by others? Is there any encryption I can add into the IPA?
- Can ipa file be created in debug mode?
- Identifying the country code using mobile carrier in iPhone Programatically?
- How to programatically install a ipa file in iOS 6
- Inject dynamic library into enterprise app (ipa)
- How to Create the Upload File for Application Loader?
- Is it safe to share the iOS Enterprise Distribution Certificate with external developers?
Solutions Collect From Internet About “Encryption of contents in compiled iOS app ( IPA )”
This answer mentions that the application is already encrypted by the time it gets onto your users’ devices: Does Apple modify iOS application executables on apps submitted to the App Store?
Sorry, that’s only the application binary. The other media are not encrypted, and no, there’s no way to encrypt the .ipa. You could try encrypting your images and other media on your system, providing a bunch of application code to decrypt those resources when the app runs, and then your decryption code will become a part of the encrypted application binary. You can’t submit an encrypted IPA though, it needs to be the file directly output from Xcode.
In response to your comment, the one I’ve used is CommonCrypto. You need to
#import <CommonCrypto/CommonCryptor.h>, and the implementation I used as my starting point was this category on NSMutableData.
Simple usage example of the above category:
NSMutableData *imageData = [NSMutableData dataWithContentsOfFile:pathToEncryptedFile]; [imageData decryptWithKey:@"SuperSecretDecryptionKey"]; UIImage *decryptedImage = [UIImage imageWithData:imageData];
IMPORTANT NOTE HERE: IF someone was to run the
strings utility on your
.app on a jailbroken iphone, or even on an iPhone they have filesystem access to via USB, they will get a list of all strings declared in your app. This includes “SuperSecretDecryptionKey”. So you may want to use an integer, floating-point or other constant to do on-the-fly generation of a string decryption key, or make sure that the string you use to decrypt things is exactly the same as a normal system string so no-one suspects it as the true key. Security through obscurity, in this case, is advantageous.
Update: You should check out
AQToolkit for this kind of thing, it’s quite comprehensive.
*.strings files, you should encrypt the key and value strings in some manner (maybe one which give you hexadecimal back, or any alphanumeric characters), and when you want to access a given value, say
LicenceNumber, do this:
NSMutableData *keyToRequest = [@"LicenceNumber" dataUsingEncoding:NSUTF8StringEncoding]; [keyToRequest encryptWithKey:@"SuperSecretEncryptionKey"]; NSMutableData *valueToRequest = [[NSBundle mainBundle] localizedStringForKey:[NSString stringWithUTF8String:[keyToRequest bytes]] value:@"No licence" table:@"EncryptedStringsFile"]; [valueToRequest decryptWithKey:@"SuperSecretDecryptionKey"];
- Getting an error from push notification
- Change language of alert in banner of Push Notification
- How to change app language programmatically WITHOUT restarting my app?
- Check if elements in two arrays are same irrespective of index
- AES string encryption in Objective-C
- Removing cancel button in UIImagePickerController?
- XCTest and asynchronous testing in Xcode 6
- Compiling and linking C extension for Python in Xcode for Mac
- iOS – Invert a UIImage with button
- Custom logo on top of UINavigationBar?
- Unable to Archive Xcode Project: No such file or directory
- Should my Block-based API have just completion or both success and failure handlers?
- Using NSNumberFormatter to get a decimal value from an international currency string
- Starting Position of NSSplitView divider
- UIButton – On touch change image