How can I avoid including debug code in source control with Xcode?

Question

When testing our iOS app, my team and I need to disable SSL certificate validation.

At present, we are using a hard-coded #define:

// In Prefix.pch
#define ALLOW_INVALID_SSL_CERTS

// Elsewhere
#ifdef ALLOW_INVALID_SSL_CERTS
// Code to disable SSL certificate validation
#endif

As a result, we have to remember to remove the #define every time we release a new version.

Ideally we would like to find a way to enable a flag in Xcode that would not be checked into source control.

I have discovered that this is possible using application arguments ([[NSProcessInfo processInfo] arguments); however this is potentially exploitable since an attacker could find a way to provide the argument in question to the app before it is launched.

Is there another way to set this up in Xcode?

Answer 1

Try to set the Other C Flag in your build settings like -DDEBUG=1 in the debug settings and in the release settings set this to -DDEBUG=0. Then in your prefix file define your debug macro like this.

#if DEBUG
#define ALLOW_INVALID_SSL_CERTS 1
#else
#define ALLOW_INVALID_SSL_CERTS 0
#endif

I do it in this way. Here is a screenshot if you want to know where to set the -DDEBUG option.

Answer 2

Try defining an environmental variable on your dev machines, like IOS_PROJ_ALLOW_INVALID_CERT=1 (and make sure it's NOT defined on your build machine).

Then modify your project's preprocessor macro build settings to set the ALLOW_INVALID_SSL_CERTS macro to the value of your $(IOS_PROJ_ALLOW_INVALID_CERT) env var.