Obfuscating Swift code before submission to Apple App Store

Question

I'm having a hard time finding any info on this. Android themselves mention code obfuscation as something to do before submitting to their store. But I see nothing about this from Apple or from any "third party" before-submission checklists. The only similar question I could find was one 5 years ago about Objective-C, and I only can find 1 github library about iOS obfuscation. Is it a common practice to obfuscate Swift code when submitting to the Apple App Store? Especially to hide any private API URLs or API keys? Is there a Pro-Guard equivalent for Apple?

Answer 1

Java gets converted into bytecode, which can be decompiled.

Swift is a compiled language, and the Clang compiler is highly optimized. In release mode it strips out symbols and does a lot of optimization that does a great deal of obfuscation all by itself. There are decompilers for compiled languages, but the results are really awful and hard to read.

Edit:

There are tools like iXGuard that have the ability to further obfuscate your Swift code, making it even harder for hackers to reverse-engineer it.

Answer 2

A bit late to the party, but plain text strings can be extracted with no need of a jailbroken device just issuing the command strings to your executable.

So, yes, protect your sensitive strings in some way.

You can check my command line utility for doing this:

https://github.com/pabloroca/obfuscateapi