iPhone app编译代码中包含的信息有多安全？ [英] How safe is information contained within iPhone app compiled code?

问题描述

我和一些朋友正在讨论这件事，我们开始怀疑这一点。有人可以在购买应用程序后获得对实际objective-c代码中包含的URL或其他值的访问权限吗？

我们最初的感觉是否定的，但我想知道是否那里的任何人都有这种或那种确定的知识吗？

我知道.plist文件随时可用。

示例可以是：

-URL值保存在字符串中

-API键和秘密值

解决方案

是的，可以使用字符串工具（请看这里），使用 class-dump-x （点击这里）。

只是一些食物为了思考。

编辑：隐藏隐藏信息的一种简单但不安全的方式是混淆，或将其切割成小的以下代码：

  NSString * string = @ 你好，世界！; 
  

将产生Hello，World！使用字符串工具。
像这样写代码：

  NSString * string = @H; 
 string = [stringByAppendingString：@el]; 
 string = [stringByAppendingString：@lo]; 
 ... 
  

将显示输入的字符，但不一定按顺序显示。

再次：容易做到，但不是很安全。

I was discussing this with some friends and we began to wonder about this. Could someone gain access to URLs or other values that are contained in the actual objective-c code after they purchase your app?

Our initial feeling was no, but I wondered if anyone out there had definitive knowledge one way or the other?

I do know that .plist files are readily available.

Examples could be things like:

-URL values kept in a string

-API key and secret values

解决方案

Yes, strings and information are easily extractable from compiled applications using the strings tool (see here), and it's actually even pretty easy to extract class information using class-dump-x (check here).

Just some food for thought.

Edit: one easy, albeit insecure, way of keeping your secret information hidden is obfuscating it, or cutting it up into small pieces.

The following code:

NSString *string = @"Hello, World!";

will produce "Hello, World!" using the strings tool. Writing your code like this:

NSString *string = @"H";
string = [stringByAppendingString:@"el"];
string = [stringByAppendingString:@"lo"];
...

will show the characters typed, but not necessarily in order.

Again: easy to do, but not very secure.

这篇关于iPhone app编译代码中包含的信息有多安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！