Reputation: 493
I'm having a hard time finding any info on this. Android themselves mention code obfuscation as something to do before submitting to their store. But I see nothing about this from Apple or from any "third party" before-submission checklists. The only similar question I could find was one 5 years ago about Objective-C, and I only can find 1 github library about iOS obfuscation. Is it a common practice to obfuscate Swift code when submitting to the Apple App Store? Especially to hide any private API URLs or API keys? Is there a Pro-Guard equivalent for Apple?
Upvotes: 33
Views: 24955
Reputation: 131491
Java gets converted into bytecode, which can be decompiled.
Swift is a compiled language, and the Clang compiler is highly optimized. In release mode it strips out symbols and does a lot of optimization that does a great deal of obfuscation all by itself. There are decompilers for compiled languages, but the results are really awful and hard to read.
There are tools like iXGuard that have the ability to further obfuscate your Swift code, making it even harder for hackers to reverse-engineer it.
Upvotes: 32
Reputation: 506
A bit late to the party, but plain text strings can be extracted with no need of a jailbroken device just issuing the command strings to your executable.
So, yes, protect your sensitive strings in some way.
You can check my command line utility for doing this:
https://github.com/pabloroca/obfuscateapi
Upvotes: 7