Computing Reviews
iOS application security : the definitive guide for hackers and developers
Thiel D., No Starch Press, San Francisco, CA, 2016. 296 pp. Type: Book (978-1-593276-01-0)
Date Reviewed: Nov 18 2016

Smartphones and smartwatches are capable of leading us in any activity, from media display (for example, watching movies on YouTube) to healthcare applications (for example, fitness data, heartbeat measurement, estimation of body mass index, and so on). Apps should protect their users from unauthorized access to data, and, more generally, deliver services with a strong focus on security. In fact, security is a key player: insecure applications can be exploited as attack vectors to gain access to more sensitive data.

The book is about security when developing for iOS. In particular, it describes many security problems that the author discovered by performing several audits and tests on real apps. It covers transport layer security (TLS) secure channels, black box testing, and iOS-specific internals concerning the use of the target platform's language and libraries: Objective-C and the Cocoa application programming interfaces (APIs). Although mobile operating systems enable security controls that are not available in desktop environments (such as application sandboxing), application developers should consider the author's suggestions in order to check for common pitfalls, such as execution on jailbroken devices, bypassing public key infrastructure (PKI) rules and certificate validity verification, and legacy C/C++ errors, as well as how to preserve battery life for better use of the device's hardware. In fact, availability is a measure of security: an app that abuses the device's battery causes denial of service to the user.

Native code generators that can translate other languages to Objective-C are also available off the shelf. It would be really interesting to see how these compilers handle, and perhaps optimize, the generated code with respect to platform-specific security details.

This book can be used as both a tutorial and a reference. In order to fully appreciate the contents, readers should have prior experience with coding for iOS and with the Apple Store app acceptance flow.


Reviewer: Massimiliano Masi
Review #: CR144932 (1703-0179)
Security and Protection (K.6.5)
Apple (C.5.3 ...)
Apple (D.3.2 ...)
Portable Devices (C.5.3 ...)