Your app runs in an unknown execution environment and exchanges data over unknown transmission networks, so security must always remain one of your top priorities if you are to protect both users’ and the app’s sensitive data.
Risks exist on jailbroken as well as regular devices. For example, a YouTube video from JosiahsTech demonstrates how simple it can be to modify the popular game Temple Run.
Each additional layer of security causes app slowdown, either through code execution (e.g., moving from 1,024-bit DSA key encryption keys to 2,048-bit RSA encryption keys), or through user intervention (e.g., introducing two-factor authentication or an app PIN). You therefore have to trade off the number of security layers you add against the delay they introduce before users can complete their intent.
In this chapter, we explore key aspects of security in the app. We will not do a deep dive on pen testing. We take a categorical ...