-
Notifications
You must be signed in to change notification settings - Fork 2
Home
Welcome to the iOS-Security-Toolkit wiki!
Here we would like to present examples of usage, explanation and best practices regarding flutter security toolkit.
If you have any questions or want to contribute, feel free to open a new Issue
The iOS Security Toolkit is a library that you can use to check for runtime threats. It can detect such threats as Jailbreak environment, Hooks injection tools and debugger, expanding the checks system-wide: checking for hardware encryption capabilities and device password protection
If you do not understand what a given threat means, here is a quick description of each threat, iOS Security Toolkit can detect, when it is usually detected and possible handling strategies of a given threat
Effectively means Jailbreak on iOS. Jailbreak is a common term to describe a state in which sandboxed iOS environment can be escaped, granting thus more privileges to app user. Other apps can also be granted (by user or automatically) more permissions, than designed. The integrity of an iOS app in such an environment is easily compromised, allowing user or apps access to files, runtime or memory, which can result in leaks of private / sensitive data, changes of app behavior in runtime and unexpected environment configuration.
Preventing your app to run in such environment is important, if
- your app manages sensitive data;
- you want to prevent unauthorized access to app internals and/or private APIs;
More about jailbreak can be found here: https://wikipedia.org/wiki/Jailbreak_%28iOS%29
In order to achieve the best security of your app and ensure a good UX, you should chose a strategy on how to react to the threats, if detected. You could for example crash the app or do nothing, but there is a better way. Lets dive into it