iOS Apps under Apple's Protection! Or Are They?

In the iOS developer community, it is not customary to discuss application security. The closed operating system, App Store review process, and complex signing system create a perception that users are safe no matter what happens, and that the only focus should be on server security.

Even in mobile security courses, most examples show how to modify application code on Android, but not on iOS. However, this is a significant oversight. In a year when apps from Russian companies have started disappearing from the official app store en masse, the issue of security becomes especially relevant.

Can you be sure that a user logging into the server is doing so from an app installed from a reliable source? Can you be sure that their data, and consequently your reputation, is secure?

A comprehensive course on security cannot fit into the timing of a single talk. However, it should suffice to highlight the necessity of paying attention to security alongside the development of attractive interfaces.

In the workshop, we will briefly cover dynamic analysis tools, get acquainted with the Theos build system, and modify the demo application's package (ipa) in such a way that user data ends up in our hands. We will also discuss possible countermeasures against attackers.