Hacking and Securing iOS Applications by Jonathan Zdziarski

Public Key Cryptography

Many developers rely solely on SSL, unaware that it can be compromised in a number of ways. SSL is an important piece of electronic commerce technology and should be used, but not alone. Malware and man-in-the-middle attacks typically won’t (and sometimes can’t) look specifically at the memory inside an application; they may only be capable of eavesdropping on SSL sessions in one form or another. When this occurs, secondary encryption techniques can help ensure that important data remains secure.

Additionally, many governments, including the United States and China, as well as telecommunications companies owned by other foreign countries, operate their own certificate authorities whose certificates are preloaded into iOS’ networking components. If you are designing an application that may be eavesdropped on by a foreign government, these certificate authorities could be abused to masquerade as legitimate websites and intercept traffic. Combine this capability with the wiretap capabilities of many countries, government equipment that disguises eavesdropping equipment as cellphone towers, and a myriad of other potential espionage equipment, and you have a very good reason not to place all of your trust in SSL. In addition to using SSL, running additional layers of encryption underneath it, such as public key cryptography, can help protect important credentials from being intercepted even when SSL fails.

Public key cryptography is an asymmetric form of encryption where ...
