View on GitHub

@nativescript/ios-security ​

Contents ​

• Intro
• Installation
• Prerequisites
  • Specify the URLs to be queried
• Use @nativescript/ios-security
  • Detect jailbreaking
  • Detect debugger attachment
  • Prevent Debugger Attachment
  • Emulator detection
  • Detect the use of reverse engineering tools
  • System proxy detection
  • Runtime Hooks Detection
  • App tampering detection
• License

Intro ​

🔒 IOSSecuritySuite for NativeScript.

🌏 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library. If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. 🚀 What ISS detects:

• Jailbreak (even the iOS 11+ with brand new indicators! 🔥)
• Attached debugger 👨🏻‍🚀
• If an app was run in an emulator 👽
• Common reverse engineering tools running on the device 🔭

Installation ​

To install the plugin, run the following command in your app's root folder:

npm install @nativescript/ios-security

Prerequisites ​

Specify the URLs to be queried ​

In the jailbreak detection module, there is a check that uses the canOpenURL(_😃 method and it requires specifying the URLs that will be queried.

Specify those URLs in the App_Resources/iOS/Info.plist file as follows:

<key>LSApplicationQueriesSchemes</key>
<array>
    <string>cydia</string>
    <string>undecimus</string>
    <string>sileo</string>
    <string>zbra</string>
    <string>filza</string>
    <string>activator</string>
</array>

Use @nativescript/ios-security ​

The following sections describe how to use @nativescript/ios-security.

Detect jailbreaking ​

For a simple check of whether the device is jailbroken, use the amIJailbroken() method.

const isJailBroken: boolean = IOSSecurity.amIJailbroken()
if (isJailBroken) {
  console.log('This device is jailbroken')
} else {
  console.log('This device is not jailbroken')
}

Detect bebugger attachment ​

To detect if a debugger is attached to the app, use the amIDebugged() method.

const amIDebugged: boolean = IOSSecurity.amIDebugged()

Prevent debugger attachment ​

To prevent the debugger from being attached to the app, call the denyDebugger() method.

IOSSecurity.denyDebugger()

Emulator detection ​

To detect if the app is being run on an emulator, call the amIRunInEmulator() method.

const runInEmulator: boolean = IOSSecurity.amIRunInEmulator()

Detect the use of reverse engineering tools ​

To detect if a common reverse engineering tool is being used on the app, call the amIReverseEngineered() method.

const amIReverseEngineered: boolean = IOSSecurity.amIReverseEngineered()

System proxy detection ​

To detect if the user is using a proxy, call the amIProxied() method.

const amIProxied: boolean = IOSSecurity.amIProxied()

Runtime Hooks Detection ​

To detect if a hook is placed in the application's code, call the amIRuntimeHookedWithDyldWhiteListDetectionClassSelectorIsClassMethod() method.

let amIRuntimeHooked: boolean = IOSSecurity.amIRuntimeHookedWithDyldWhiteListDetectionClassSelectorIsClassMethod(dyldWhiteList: NSArray<string> | string[], detectionClass: typeof NSObject, selector: string, isClassMethod: boolean)

App tampering detection ​

To detect if an app has been tampered with, call the amITampered() method.

let amITampered: NSArray<any> =  IOSSecurity.amITampered(checks: NSArray<any> | any[])

License ​

Apache License Version 2.0