The era of mobile and small yet über-functional devices is here, and the transition from consumer to enterprise and from funny cat apps to complex mobile commerce apps is well underway. As has been true with pretty much every technology, once use increases, abuse follows. No other company, software, or device has had more of an impact on this revolution than the iPhone family. In spite of Apple’s best efforts, iOS has not proven immune to the inevitable appearance of security vulnerabilities and hacking exploits.
Malware, data leakage, and phishing attacks are already on the rise on mobile platforms. Individual and corporate app developers need to apply the lessons learned from the Internet experience and make sure that security is baked in and not bolted on this time.
This book is by Jonathan Zdziarski, also known as “NerveGas,” a renowned iOS hacker and an authority on iPhone forensics. He has written yet another must-have textbook for iPhone developers and security practitioners. Unlike most other hacking books, this book spends considerable time building the foundations for every aspect of iOS and even the Apple monoculture, which he considers one of the major issues with iOS devices.
The book is divided into two similarly designed parts, focusing on offense and defense. After an introduction to mindsets and myth busters, the book covers every detail of how the security mechanisms are designed and how they can be circumvented. The first part covers file systems, data traces, encryption, runtime libraries, and networking. Each topic has a dedicated chapter explaining what controls exist and how attacks against them can be performed successfully.
Part 2 presents a mirror of the chapters in Part 1, explaining how developers can implement security measures not just to enable the functionality offered by Apple, but also to minimize the risks to the data stored, processed, and transmitted by their applications.
What also makes this book as good a buy as any on the topic is the fact that it has plenty of demos, code snippets, and tools to make sure that interested learners can apply every aspect of the offense and defense described in the book with the same ease that they’ve become used to while writing iOS apps.