How to Encrypt Specific iOS Strings, Create iOS App Secrets

 

Learn how to encrypt specific iOS strings and create iOS app secrets. No code required. As an iOS app developer, you can store and encrypt secrets in protected memory by telling the Appdome build process which specific strings to encrypt.

This Knowledge Base article summarizes the steps needed to encrypt your strings and secrets with Appdome.

Appdome is a no-code mobile security platform and development platform that allows customers to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily secure any mobile app – instantly, no code or coding required.

Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, library, or plug-in to implement. Likewise, there is no requirement to implement data at rest encryption manually, or to have access to every location in the sandbox where the application writes files, in order to develop an external seed for data at rest capabilities in Android or iOS apps. Using Appdome, mobile apps will have data at rest capabilities as if they were natively coded into the app, except that the integration takes less than a minute and there is no coding at all.

Prerequisites for Specific Strings And Secret Encryption

About Appdome Strings and Secrets Encryption

There are some app developer steps you can take with apps to inform the Appdome build process which specific strings to encrypt within the built iOS app.

Usage

Developers can specify strings for Appdome to encrypt in their code, for example:

var billingAddress = Address(
        street1: "1 Infinite Loop",
        street2:"",
        city: "Cupertino",
        state: "CA",
        zip: "95014"
)

When building an app on Appdome, Appdome will secure strings if the following modifications are made to the app code using SwiftSecString("SwiftSecString:…"):

var billingAddress = Address(
        street1: SwiftSecString("SwiftSecString:1 Infinite Loop"),
        street2: "",
        city: SwiftSecString("SwiftSecString:Cupertino"),
        state: SwiftSecString("SwiftSecString:CA"),
        zip: SwiftSecString("SwiftSecString:95014")
)

The purpose of the prefix "SwiftSecString:" is to allow the Appdome AppFusion process to locate the strings and encrypt them, while the SwiftSecString() function envelope makes sure that the string’s contents are available at runtime to the application.

Encryption

After building your app on Appdome, the contents of the strings will be completely encrypted in the binary with no way to decipher them.

For example, here we have a credit-card number and CVV we want to encrypt.

var paymentMethod = PaymentMethod(
        creditCardNumber: SwiftSecString("SwiftSecString:1234-123456-1234"),
        expirationDate: Date(),
        cvv: SwiftSecString("SwiftSecString:999"))

Before fusion the strings will be in the clear:

0000000100026880 aSwiftsecstring_27 DCB "SwiftSecString:1234-123456-1234",0
00000001000268A0 aSwiftsecstring_28 DCB "SwiftSecString:999",0

After fusion, an attacker won’t be able to recognize this as a string:

0000000100026880 DCB 0xC9,0x2A,"z",0xB8,0xF0,0x74,0x4D,0x65,0x83,"7",0xC5,0x4D,0xB0,0xCE,0x17
0000000100026880 DCB 0xD4,0xFA,7,"6:F1",0xB1,"F",0x14,0x14,0xCA,0xCE,1,0xE1,0x43,0xE9,0x58,0xA7
0000000100026880 DCB 0xA0,0xCC,0xF4,"y",0x86,0xDD,0x23,0xF0,0x18,0x1E,0x92,0x8F,0xEC,0x5C,0xA7
0000000100026880 DCB 0
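A post-build check for the difference between the two listings above, as an added example (not Appdome's code): it scans a built executable for any "SwiftSecString:" marker that is still readable and reports its offset and value length only. The sample buffers are constructed from the listings, and the UTF-16LE search is an assumption of this example.

```python
import re
import sys

MARKER = b"SwiftSecString:"  # prefix the article has the build process locate

def find_cleartext_markers(blob, max_len=256):
    """Return sorted (offset, encoding, value_length) for each readable marker.

    Only the length of the value is reported, so the report never repeats
    the secret itself.
    """
    patterns = (
        ("ascii", MARKER, b"\x00"),
        # Assumption: a UTF-16LE copy of the marker is worth checking too.
        ("utf-16-le", MARKER.decode("ascii").encode("utf-16-le"), b"\x00\x00"),
    )
    hits = []
    for name, needle, terminator in patterns:
        step = len(terminator)
        for match in re.finditer(re.escape(needle), blob):
            pos = match.end()
            # Walk one code unit at a time until the terminator or the cap.
            while (pos < len(blob) and blob[pos:pos + step] != terminator
                   and (pos - match.end()) // step < max_len):
                pos += step
            hits.append((match.start(), name, (pos - match.end()) // step))
    return sorted(hits)

# Constructed sample modelled on the "before fusion" listing.
BEFORE_FUSION = (b"\x00" * 16
                 + b"SwiftSecString:1234-123456-1234\x00"
                 + b"SwiftSecString:999\x00")
# First row of the article's "after fusion" listing, followed by a NUL.
AFTER_FUSION = bytes([0xC9, 0x2A, 0x7A, 0xB8, 0xF0, 0x74, 0x4D, 0x65,
                      0x83, 0x37, 0xC5, 0x4D, 0xB0, 0xCE, 0x17, 0x00])

if __name__ == "__main__":
    # Usage: python this_file.py <path to the app's main executable>
    with open(sys.argv[1], "rb") as handle:
        found = find_cleartext_markers(handle.read())
    for offset, encoding, length in found:
        print(f"0x{offset:x}: cleartext {encoding} marker, value length {length}")
    sys.exit(1 if found else 0)
```

An empty result shows only that the marker is no longer readable in the file; it says nothing about how the values are handled once the app decrypts them at runtime.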

Required modifications

It goes without saying that we want the written program to function correctly without being fused (for testing, etc.). Therefore, we need to add some boilerplate code to the Xcode project so that every SwiftSecString("SwiftSecString:...") call remains inert.

The following code needs to be added to the Xcode project (preferably in its root folder):

  1. SwiftSecString.m:
    #import <Foundation/Foundation.h>
    @interface OCSwiftSecString : NSString
    @property (nonatomic, strong) NSString *stringHolder;
    @end
    
    @implementation OCSwiftSecString
    - (instancetype)initWithCharactersNoCopy: (unichar *)characters
      length: (NSUInteger)length
      freeWhenDone: (BOOL)freeBuffer
    {
        self = [super init];
        if (self) {
            // Make sure the buffer holds the 15-character prefix before reading it.
            if (length >= 15 &&
                characters[0]  == 'S' &&
                characters[1]  == 'w' &&
                characters[2]  == 'i' &&
                characters[3]  == 'f' &&
                characters[4]  == 't' &&
                characters[5]  == 'S' &&
                characters[6]  == 'e' &&
                characters[7]  == 'c' &&
                characters[8]  == 'S' &&
                characters[9]  == 't' &&
                characters[10] == 'r' &&
                characters[11] == 'i' &&
                characters[12] == 'n' &&
                characters[13] == 'g' &&
                characters[14] == ':') {
                self.stringHolder = [[NSString alloc]
                initWithCharactersNoCopy:characters
                length:length
                freeWhenDone:freeBuffer];
            }
            else
            {
                NSException *ex = [
                    NSException
                    exceptionWithName:@"SwiftSecString format error"
                    reason:@"No \"SwiftSecString:\" prefix found"
                    userInfo:nil
                ];
                @throw ex;
            }
        }
        return self;
    }
    
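    // 15 is the length of the "SwiftSecString:" prefix, which is hidden from callers.
    - (NSUInteger)length
    {
        return self.stringHolder.length - 15;
    }
    
    // Skip the prefix so index 0 is the first character of the real string.
    - (unichar)characterAtIndex:(NSUInteger)index
    {
        return [self.stringHolder characterAtIndex:index + 15];
    }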
    @end
  2. SwiftSecString.h:
    #ifndef SwiftSecString_h
    #define SwiftSecString_h
    #import <Foundation/Foundation.h>
    @interface OCSwiftSecString : NSString
    @end
    #endif /* SwiftSecString_h */
  3. <Project-Name>-Bridging-Header.h where <Project-Name> is the name of the project:
    #include "SwiftSecString.h"
  4. SwiftSecString.swift:
    import Foundation
    func SwiftSecString(_ s:String) -> String {
        return OCSwiftSecString(s) as String
    }
    
    extension OCSwiftSecString {
        public convenience init(_ s:String) {
            self.init(string:s)
        }
    }

That’s it, you’re ready to go! Now you can build your app on the platform.
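A pre-upload check for the convention above, as an added example (not Appdome's code): the wrapper throws when the "SwiftSecString:" prefix is missing, so this flags such calls in Swift source before they fail on a device. The line-by-line regex parsing and the rule against interpolated literals are assumptions of this example.

```python
import re

PREFIX = "SwiftSecString:"  # marker from the article

# A call to the wrapper, excluding its own "func SwiftSecString(" definition.
# The argument is captured either as a quoted literal or as raw text up to ")".
CALL = re.compile(
    r'(?<!func )\bSwiftSecString\(\s*(?P<arg>"(?:[^"\\]|\\.)*"|[^)]*)'
)

def lint_swift(source):
    """Return (line_number, problem) for each call that breaks the convention."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for call in CALL.finditer(line):
            arg = call.group("arg").strip()
            if not arg.startswith('"'):
                # A variable or expression leaves no literal in the binary to locate.
                findings.append((lineno, "argument is not a string literal"))
            elif not arg[1:].startswith(PREFIX):
                # The wrapper on this page throws an exception for this case.
                findings.append((lineno, "literal lacks the SwiftSecString: prefix"))
            elif "\\(" in arg:
                # Assumption: an interpolated value is only assembled at runtime.
                findings.append((lineno, "literal uses interpolation"))
    return findings

# Constructed sample: one correct call and three that break the convention.
SAMPLE = "\n".join([
    'func SwiftSecString(_ s:String) -> String {',
    '    street1: SwiftSecString("SwiftSecString:1 Infinite Loop"),',
    '    city: SwiftSecString("Cupertino"),',
    '    zip: SwiftSecString(zipFromServer),',
    r'    state: SwiftSecString("SwiftSecString:\(stateCode)"),',
])

if __name__ == "__main__":
    for lineno, problem in lint_swift(SAMPLE):
        print(f"line {lineno}: {problem}")
```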

How to Encrypt Strings, Secrets and Resources in iOS apps

Start by adding a mobile app to your Appdome account. If you don’t have an Appdome account, click here to create an account.

From the “Build” tab, select Security

  1. Expand TOTALData™ Encryption category
  2. Switch on Data at Rest Encryption
  3. Switch on Encrypt Strings and Resources
  4. Switch on In-App Secrets Protection
  5. Click Build My App


After Building Your App on Appdome

After successfully building the app, the app needs to be signed in order to deploy it. Optionally, you can also brand or customize apps using Appdome. Read this KB article to learn how to sign, customize, brand, and deploy apps using Appdome.

How Do I Learn More?

This topic expands on Data at Rest encryption. You can read more about it at Data at rest encryption for mobile apps.

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Paul Levasseur
