Learn the 3 Easy Steps to Obfuscate iOS Control Flows and Methods. Relocate Control Flows To Obscure the app logic and prevent reverse engineering. No Code, No SDK.
This Knowledge Base article provides step-by-step instructions for using Appdome to add obfuscate the control flow in an iOS app. Control flow relocation is one of the multiple methods you can use to obfuscate mobile apps as a first line of defense against static code analysis. Static code analysis is a type of reverse engineering where attackers try to understand how your app works by analyzing your source code and the app’s logical control flows.
In recent years, decompilers have reached a maturity level that allows recovering source code back from mobile apps with ease. Obfuscation has become a well-established preventive measure developers use against static reverse engineering attempts. What sets various obfuscation solutions apart is several things: Ease of use (e.g., specialized compilers and post-build tools), Performance (i.e., performance penalty, if any) and the reference threat level.
Since eventually all defenses can be broken, which indicates how good a defense is the amount of work, expertise and time expected to break the defense.
Appdome’s Flow Relocation is a security feature that modifies a mobile app’s compiled code by obfuscating the logical control-flow of the app. Appdome’s Flow-Relocation makes reverse engineering an arduous task while preserving the functionality and performance of the original app. Appdome with Flow-Relocation™ is compatible with mobile apps built in any development environment including Native Android and iOS apps, hybrid apps, and non-native apps built-in Xamarin, Cordova, and React Native, Ionic, and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Flow-Relocation™ to any mobile app.
In iOS, the application’s executable (see the structure of iOS applications) manifests as binary code. To make it un-parsable by reverse engineering tools, Appdome uses several techniques such as polymorphic unconditional branching in place of the original instructions so that the original instructions no longer appear in the application’s binary. This creates an appearance of spaghetti code which is extremely difficult to reverse engineer.
IMPORTANT: The feature is hardware-specific and only applies to ARM64 binaries. This means:
This feature works very well together with Binary Code Obfuscation to create an iron-clad anti-reversing shield for the application’s binary.
This obfuscation technique provides the following benefits:
login->verify-username->access-user-db, it will appear as two disconnected paths:
verify-username->b. You will notice that
access-user-dbis not even referenced.
If your application was developed using a non-native framework such as React-Native, Cordova or Xamarin, you might want to check out Non-Native Code Obfuscation.
If, on the other hand, your application has more native code in it, we recommend you check out Binary Code Obfuscation.
We are aware of course, that applications are not always perfect and there might be crashes here and there. We took special care when designing code flow relocation to make sure that the original flow is visible in the stack trace of Java exceptions.
This enables developers to quickly trace the source of a bug in the app, even when obfuscated.
Please follow these 3 easy steps to implement Flow Relocation in iOS apps.
Congratulations! Your iOS app is now secured with Appdome Flow Relocation.
In order to use Appdome’s no-code implementation of Flow Relocation on Appdome, you’ll need:
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
Check out the following related KB articles:
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.
Or request a demo at any time.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.