Smartphones and smartwatches can assist us in any activity, from media display (for example, watching movies on YouTube) to healthcare applications (for example, fitness data, heartbeat measurement, estimation of body mass index, and so on). Apps should protect their users from unauthorized access to data and, more generally, deliver services with a strong focus on security. In fact, security plays a key role: insecure applications can be exploited as attack vectors to gain access to more sensitive data.
The book is about security when developing for iOS. In particular, it describes many security problems that the author discovered by performing several audits and tests on real apps. It covers details on transport layer security (TLS) secure channels, black box testing, and iOS-specific internals on the usage of the target platform language and libraries: Objective-C and the Cocoa application programming interfaces (APIs). Although mobile operating systems enable security controls that are not available in desktop environments (such as application sandboxing), application developers should consider the suggestions provided by the author in order to check for common pitfalls, such as execution on jailbroken devices, bypassing of public key infrastructure (PKI) rules and certificate validity verification, and legacy C/C++ errors, and to learn how to preserve battery life for better use of the device’s hardware. In fact, availability is a measure of security: an app that abuses the device’s battery causes denial of service to the user.
Native code generators that can translate other languages to Objective-C are also available off the shelf. It would be really interesting to see how these compilers handle, and perhaps optimize, the generated code with respect to platform-specific security details.
This book can be used as both a tutorial and a reference. In order to fully appreciate the contents, readers should have prior experience with coding for iOS and with the Apple Store app acceptance flow.