README.md

@nativescript/ios-security

Contents

• Intro
• Installation
• Prerequisites
  • Specify the URLs to be queried
• Use @nativescript/ios-security
  • Detect jailbreaking
  • Detect debugger attachment
  • Prevent Debugger Attachment
  • Emulator detection
  • Detect the use of reverse engineering tools
  • System proxy detection
  • Runtime Hooks Detection
  • App tampering detection
• License

Intro

🔒 IOSSecuritySuite for NativeScript.

🌏 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library. If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. 🚀 What ISS detects:

• Jailbreak (even the iOS 11+ with brand new indicators! 🔥)
• Attached debugger 👨🏻‍🚀
• If an app was run in an emulator 👽
• Common reverse engineering tools running on the device 🔭

Installation

To install the plugin, run the following command in your app's root folder:

npm install @nativescript/ios-security

Prerequisites

Specify the URLs to be queried

In the jailbreak detection module, there is a check that uses the canOpenURL(_:) method and it requires specifying the URLs that will be queried.

Specify those URLs in the App_Resources/iOS/Info.plist file as follows:

<key>LSApplicationQueriesSchemes</key>
<array>
    <string>cydia</string>
    <string>undecimus</string>
    <string>sileo</string>
    <string>zbra</string>
    <string>filza</string>
    <string>activator</string>
</array>

Use @nativescript/ios-security

The following sections describe how to use @nativescript/ios-security.

Detect jailbreaking

For a simple check of whether the device is jailbroken, use the amIJailbroken() method.

const isJailBroken: boolean =  IOSSecurity.amIJailbroken()
if (isJailBroken) {
	console.log("This device is jailbroken");
} else {
	console.log("This device is not jailbroken");
}

---

Detect bebugger attachment

To detect if a debugger is attached to the app, use the amIDebugged() method.

const amIDebugged: boolean = IOSSecurity.amIDebugged();

---

Prevent debugger attachment

To prevent the debugger from being attached to the app, call the denyDebugger() method.

IOSSecurity.denyDebugger();

---

Emulator detection

To detect if the app is being run on an emulator, call the amIRunInEmulator() method.

const runInEmulator: boolean = IOSSecurity.amIRunInEmulator();

---

Detect the use of reverse engineering tools

To detect if a common reverse engineering tool is being used on the app, call the amIReverseEngineered() method.

const amIReverseEngineered: boolean = IOSSecurity.amIReverseEngineered();

---

System proxy detection

To detect if the user is using a proxy, call the amIProxied() method.

const amIProxied: boolean = IOSSecurity.amIProxied();

---

Runtime Hooks Detection

To detect if a hook is placed in the application's code, call the amIRuntimeHookedWithDyldWhiteListDetectionClassSelectorIsClassMethod() method.

let amIRuntimeHooked: boolean = IOSSecurity.amIRuntimeHookedWithDyldWhiteListDetectionClassSelectorIsClassMethod(dyldWhiteList: NSArray<string> | string[], detectionClass: typeof NSObject, selector: string, isClassMethod: boolean)

---

App tampering detection

To detect if an app has been tampered with, call the amITampered() method.

let amITampered: NSArray<any> =  IOSSecurity.amITampered(checks: NSArray<any> | any[])

License

Apache License Version 2.0