Blocking Method Swizzling
This knowledge base article describes method swizzling, its possible uses and how to block it.
What is Method Swizzling?
Method Swizzling means changing the functionality of an existing method by replacing it with another, user-created method. In iOS, this technique is one of the Objective-C language features. Using the Objective-C API a developer can, for example, replace the method in charge of the clicks in the Button class with a function that counts how many times the user clicked on each button. Many SDKs use method swizzling to modify the behavior of applications during runtime (e.g.: a crash handler), thus saving the app’s developers the need to write sections of code that are repeated in multiple places (boilerplate code).
Why Block Method Swizzling?
While method swizzling was designed for legitimate use (mostly by developers), “black hat” hackers also use method swizzling to alter the behavior of other apps, in the process of creating and distributing malwares and (jailbroken) iPhone tweaks. For instance, a malicious attacker can swizzle the method responsible for the Internet connections and change the destination of these connections, or even steal user data. Users can use tweaks that exploit this Swizzling mechanism to bypass the application security features, inspect the app business logic, or cheat in games and have an unfair advantage over other users.
Method swizzling can be performed at both the system and the application level. As a result, even if a specific app class was not tampered with, the class may use a maliciously modified system class. Therefore, each class used by the application, either directly or indirectly, needs protection.