🔒 IOSSecuritySuite for NativeScript.
🌏 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library. If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. 🚀 What ISS detects:
- Jailbreak (even the iOS 11+ with brand new indicators! 🔥)
- Attached debugger 👨🏻🚀
- If an app was run in an emulator 👽
- Common reverse engineering tools running on the device 🔭
To install the plugin, run the following command in your app's root folder:
npm install @nativescript/ios-security
In the jailbreak detection module, there is a check that uses the canOpenURL(_😃 method and it requires specifying the URLs that will be queried.
Specify those URLs in the App_Resources/iOS/Info.plist
file as follows:
<key>LSApplicationQueriesSchemes</key>
<array>
<string>cydia</string>
<string>undecimus</string>
<string>sileo</string>
<string>zbra</string>
<string>filza</string>
<string>activator</string>
</array>
The following sections describe how to use @nativescript/ios-security
.
For a simple check of whether the device is jailbroken, use the amIJailbroken()
method.
const isJailBroken: boolean = IOSSecurity.amIJailbroken()
if (isJailBroken) {
console.log('This device is jailbroken')
} else {
console.log('This device is not jailbroken')
}
To detect if a debugger is attached to the app, use the amIDebugged()
method.
const amIDebugged: boolean = IOSSecurity.amIDebugged()
To prevent the debugger from being attached to the app, call the denyDebugger()
method.
IOSSecurity.denyDebugger()
To detect if the app is being run on an emulator, call the amIRunInEmulator()
method.
const runInEmulator: boolean = IOSSecurity.amIRunInEmulator()
To detect if a common reverse engineering tool is being used on the app, call the amIReverseEngineered()
method.
const amIReverseEngineered: boolean = IOSSecurity.amIReverseEngineered()
To detect if the user is using a proxy, call the amIProxied()
method.
const amIProxied: boolean = IOSSecurity.amIProxied()
To detect if a hook is placed in the application's code, call the amIRuntimeHookedWithDyldWhiteListDetectionClassSelectorIsClassMethod()
method.
let amIRuntimeHooked: boolean = IOSSecurity.amIRuntimeHookedWithDyldWhiteListDetectionClassSelectorIsClassMethod(dyldWhiteList: NSArray<string> | string[], detectionClass: typeof NSObject, selector: string, isClassMethod: boolean)
To detect if an app has been tampered with, call the amITampered()
method.
let amITampered: NSArray<any> = IOSSecurity.amITampered(checks: NSArray<any> | any[])
Apache License Version 2.0