Computing Reviews
Hacking and securing iOS applications : stealing data, hijacking software, and how to prevent it
Zdziarski J., O’Reilly Media, Inc., Sebastopol, CA, 2012. 358 pp. Type: Book (978-1-449318-74-1)
Date Reviewed: Apr 17 2013

The era of mobile and small yet über-functional devices is here, and the transition from consumer to enterprise and from funny cat apps to complex mobile commerce apps is well underway. As has been true with pretty much every technology, once use increases, abuse follows. No other company, software, or device has had more of an impact on this revolution than the iPhone family. In spite of Apple’s best efforts, iOS has not proven immune to the inevitable appearance of security vulnerabilities and hacking exploits.

Malware, data leakage, and phishing attacks are already on the rise on mobile platforms. Individual and corporate app developers need to apply the lessons learned from the Internet experience and make sure that security is baked in and not bolted on this time.

This book is by Jonathan Zdziarski--also known as “NerveGas”--a renowned iOS hacker and an authority on iPhone forensics. He has written yet another must-have textbook for iPhone developers and security practitioners. Unlike most other hacking books, this book spends considerable time building the foundations for every aspect of iOS and even the Apple monoculture, which he considers one of the major issues with iOS devices.

The book is divided into two similarly designed parts, focusing on offense and defense. After an introduction to mindsets and myth busters, the book covers every detail of how the security mechanisms are designed and how they can be circumvented. The first part covers file systems, data traces, encryption, runtime libraries, and networking. Each topic has a dedicated chapter explaining what controls exist and how attacks against them can be performed successfully.

Part 2 presents a mirror of the chapters in Part 1, explaining how developers can implement security measures not just to enable the functionality offered by Apple, but also to minimize the risks to the data stored, processed, and transmitted by their applications.

What also makes this book as good a buy as any on the topic is the fact that it has plenty of demos, code snippets, and tools to make sure that interested learners can apply every aspect of the offense and defense described in the book with the same ease that they’ve become used to while writing iOS apps.

Reviewer: Phoram Mehta
Review #: CR141142 (1307-0572)
Security and Protection (D.4.6)
Security and Protection (K.6.5)
 