Strings in an iOS app can be easily extracted with strings myapp.

Taking a few more steps will make your app more secure.

Chris Hulbert has a good post on the topic to obfuscate your secret keys.

A summary

Firstly, the technique is only good for secret keys that are not sent over the Internet. For example, secret keys that are used to encrypt a packet, sent over the Internet, then decrypt with the key on the server.

There are a few techniques of various levels:

  • hex instead of literal strings

  • obfuscate the hex with some hashing

  • disable debug sessions

PS: This deters most of the hackers. But nothing is foolproof.




Back to Home