How to Encrypt Specific iOS Strings, Create iOS App Secrets

Learn how to encrypt specific iOS strings and create iOS app secrets. No code required. As an iOS app developer, you can store and encrypt secrets in protected memory by informing the Appdome build process which specific strings to encrypt.

This Knowledge Base article summarizes the steps needed to encrypt your strings and secrets with Appdome.

Appdome is a no-code mobile security platform and development platform that allows customers to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily secure any mobile app – instantly, no code or coding required.

Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, library, or plug-in to implement. Likewise, there is no requirement to implement data at rest encryption manually, or to have access to every location where the application writes files in the sandbox in order to develop an external seed for data at rest capabilities for Android or iOS apps. With Appdome, mobile apps have data at rest capabilities as if they were natively coded into the app, except that the integration takes less than a minute and involves no coding at all.

Prerequisites for Specific Strings And Secret Encryption

About Appdome Strings and Secrets Encryption

App developers can take a few steps in their code to inform the Appdome build process which specific strings to encrypt within the built iOS app.

Usage

Developers specify in their code which strings Appdome should encrypt. For example, take the following code:

var billingAddress = Address(
        street1: "1 Infinite Loop",
        street2: "",
        city: "Cupertino",
        state: "CA",
        zip: "95014"
)

When building an app on Appdome, Appdome will secure strings if the following modifications are made to the app code using SecString("SecString:..."):

var billingAddress = Address(
        street1: SecString("SecString:1 Infinite Loop"),
        street2: "",
        city: SecString("SecString:Cupertino"),
        state: SecString("SecString:CA"),
        zip: SecString("SecString:95014")
)

The purpose of the prefix "SecString:" is to allow the Appdome AppFusion process to locate the strings and encrypt them, while the SecString() function envelope makes sure that the string’s contents are available at runtime to the application.

Encryption

After building your app on Appdome, the string contents will be completely encrypted in the binary with no way to decipher them.

For example, here we have a credit-card number and CVV we want to encrypt.

var paymentMethod = PaymentMethod(
        creditCardNumber: SecString("SecString:1234-123456-1234"),
        expirationDate: Date(),
        cvv: SecString("SecString:999"))

Before fusion, the strings will be in the clear:

000000010003AC50 aSecstring12341 DCB "SecString:1234-123456-1234",0
000000010003AC6B aSecstring999   DCB "SecString:999",0

After fusion, an attacker won’t be able to recognize this as a string:

000000010003AC50 DCB "f",0xB0,0xC7,0x3D,0xF4,0x5E,0x56,0x2C
000000010003AC50 DCB "E",0xA3," ",0x1E,"l0",5,"|"
000000010003AC50 DCB 0xC4,0x41,0xDD,0xEB,0xB,"?",0xE7,0x24,0xE0
000000010003AC50 DCB 0xCD,0x8C,3,0x83,0xB3,"SZ7O"
000000010003AC50 DCB 0xA7,6,0xC8,0xD0,0
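
A build pipeline can confirm the before/after difference shown in these listings by scanning the fused executable for any literal that still carries the cleartext prefix. The following Python check is an added example, not Appdome code; the function names and the UTF-16 pass are assumptions, and the sample bytes are constructed from the two listings above.

```python
import sys

MARKER = "SecString:"  # prefix the article says the build process searches for

# Constructed samples: the two literals from the article's pre-fusion listing,
# and the bytes shown in its post-fusion listing.
BEFORE = b"\x00SecString:1234-123456-1234\x00SecString:999\x00"
AFTER = (b"f\xb0\xc7\x3d\xf4\x5e\x56\x2cE\xa3 \x1el0\x05|"
         b"\xc4\x41\xdd\xeb\x0b?\xe7\x24\xe0\xcd\x8c\x03\x83\xb3SZ7O"
         b"\xa7\x06\xc8\xd0\x00")


def _payload_len(blob: bytes, pos: int, width: int) -> int:
    """Characters after the prefix, up to the NUL terminator (or end of data)."""
    end = pos
    while end + width <= len(blob) and blob[end:end + width] != b"\x00" * width:
        end += width
    return (end - pos) // width - len(MARKER)


def find_cleartext_markers(blob: bytes):
    """Return sorted (offset, encoding, payload_length) for every readable marker.

    Only offsets and lengths are reported, so the check never logs a secret.
    """
    hits = []
    for encoding, width in (("utf-8", 1), ("utf-16-le", 2)):
        needle = MARKER.encode(encoding)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, encoding, _payload_len(blob, pos, width)))
            pos = blob.find(needle, pos + len(needle))
    return sorted(hits)


def is_fused(blob: bytes) -> bool:
    """True when no cleartext "SecString:" literal remains in the data."""
    return not find_cleartext_markers(blob)


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else BEFORE
    for offset, encoding, n in find_cleartext_markers(data):
        print(f"cleartext marker at 0x{offset:x} ({encoding}, {n} chars)")
    sys.exit(1 if path and not is_fused(data) else 0)
```

Point it at the app executable extracted from the .ipa rather than at the archive itself, because the archive is compressed and would hide a leftover literal.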

Required modifications

The program should, of course, function correctly even when it has not been fused (for testing, etc.). We therefore need to add some boilerplate code to the Xcode project so that every use of the SecString("SecString:...") syntax remains inert.

The following code needs to be added to the Xcode project (preferably in its root folder):

  1. OCSecString.m:
    #import <Foundation/Foundation.h>
    @interface OCSecString : NSString
    @property (nonatomic, strong) NSString *stringHolder;
    @end
    
    @implementation OCSecString
    - (instancetype)initWithCharactersNoCopy: (unichar *)characters
      length: (NSUInteger)length
      freeWhenDone: (BOOL)freeBuffer
    {
        self = [super init];
        if (self) {
            // Check the length first so the prefix comparison never reads past a short buffer
            if (length >= 10 &&
                characters[0] == 'S' &&
                characters[1] == 'e' &&
                characters[2] == 'c' &&
                characters[3] == 'S' &&
                characters[4] == 't' &&
                characters[5] == 'r' &&
                characters[6] == 'i' &&
                characters[7] == 'n' &&
                characters[8] == 'g' &&
                characters[9] == ':') {
                self.stringHolder = [[NSString alloc]
                initWithCharactersNoCopy:characters
                length:length
                freeWhenDone:freeBuffer];
            }
            else
            {
                NSException *ex = [
                    NSException
                    exceptionWithName:@"SecString format error"
                    reason:@"No \"SecString:\" prefix found"
                    userInfo:nil
                ];
                @throw ex;
            }
        }
        return self;
    }
    
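    // Report the length of the string without the 10-character "SecString:" prefix
    - (NSUInteger)length
    {
        return self.stringHolder.length - 10;
    }
    
    // Index past the prefix so callers only see the original contents
    - (unichar)characterAtIndex:(NSUInteger)index
    {
        return [self.stringHolder characterAtIndex:index + 10];
    }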
    @end
  2. SecString.h:
    #ifndef SecString_h
    #define SecString_h
    #import <Foundation/Foundation.h>
    @interface OCSecString : NSString
    @end
    #endif /* SecString_h */
  3. <Project-Name>-Bridging-Header.h where <Project-Name> is the name of the project:
    #include "SecString.h"
  4. SecString.swift:
    import Foundation
    func SecString(_ s:String) -> String {
        return OCSecString(s) as String
    }
    
    extension OCSecString {
        public convenience init(_ s:String) {
            self.init(string:s)
        }
    }

That’s it, you’re ready to go! Now you can build your app on the platform.
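
Because the stub above throws when the prefix is missing, a typo in a wrapped literal only surfaces at runtime. This added Python lint (not part of Appdome's tooling; the function name, the finding labels and the assumption that each call sits on one line are illustrative) flags SecString(...) calls in Swift source whose argument lacks the prefix or is not a string literal, using a constructed sample based on the article's snippets.

```python
import re

PREFIX = "SecString:"  # marker the article says the build process searches for

# A SecString( call (not its "func" declaration) whose argument is either one
# double-quoted literal or anything else up to the closing parenthesis.
CALL = re.compile(
    r'(?<!func )\bSecString\(\s*(?:"((?:[^"\\]|\\.)*)"|([^)]*?))\s*\)')

# Constructed sample based on the article's snippets, with two mistakes added.
SAMPLE = '''\
var billingAddress = Address(
        street1: SecString("SecString:1 Infinite Loop"),
        street2: "",
        city: SecString("Cupertino"),
        state: SecString(stateCode),
        zip: SecString("SecString:95014")
)
func SecString(_ s:String) -> String {
    return OCSecString(s) as String
}
'''


def lint_swift(source: str):
    """Return (line_number, finding) pairs; literal contents are never echoed."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue  # skip whole-line comments
        for match in CALL.finditer(line):
            literal = match.group(1)
            if literal is None:
                # Variable or expression: the prefix cannot be checked statically.
                findings.append((lineno, "not-literal"))
            elif not literal.startswith(PREFIX):
                # The OCSecString stub raises "SecString format error" for these.
                findings.append((lineno, "missing-prefix"))
    return findings


if __name__ == "__main__":
    for lineno, finding in lint_swift(SAMPLE):
        print(f"line {lineno}: {finding}")
```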

How to Encrypt Strings, Secrets and Resources in iOS apps

Start by adding a mobile app to your Appdome account. If you don’t have an Appdome account, click here to create an account.

From the “Build” tab, select Security

  1. Expand TOTALData™ Encryption category
  2. Switch on Data at Rest Encryption
  3. Switch on Encrypt Strings and Resources
  4. Switch on In-App Secrets Protection
  5. Click Build My App

After Building Your App on Appdome

After successfully building the app, the app needs to be signed in order to deploy it. Optionally, you can also brand or customize apps using Appdome. Read this KB article to learn how to sign, customize, brand, and deploy apps using Appdome.

How Do I Learn More?

This topic expands on Data at Rest encryption. You can read more about it at Data at rest encryption for mobile apps.

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

Paul Levasseur
