How to Implement Anti-Swizzling in iOS SDKs Using Appdome
What is Swizzling?
Method swizzling is a dynamic feature of the Objective-C runtime used in iOS development that allows developers to interchange the implementations of methods at runtime. This capability can enhance application flexibility and functionality by enabling legitimate uses such as crash reporting and event logging in frameworks like Sentry, Firebase, and Facebook. However, if misused or exploited, swizzling can lead to significant security vulnerabilities, such as unauthorized behavior modifications or data interception. To address these risks, Appdome offers a robust Anti-Swizzling suite designed to safeguard iOS SDKs by distinguishing between legitimate and malicious uses of swizzling.
How Does Appdome Protect Mobile SDKs from Swizzling?
Anti-Swizzling on Appdome is designed to detect and prevent unauthorized and potentially malicious methods of swizzling within iOS applications. This feature comprises two critical sub-features:
- Injected Framework Swizzling: This sub-feature targets unauthorized swizzling attempts introduced through externally injected frameworks. It monitors and detects any dynamic alterations in method implementations that could indicate malicious tampering or behavior manipulation.
- In-App Swizzling: Focused on internal application components, this sub-feature ensures that the swizzling performed by the application itself remains within safe, predefined boundaries. It helps maintain the integrity of the app’s original functionality without impeding the legitimate use of method swizzling for development purposes.
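To make the idea of detecting an altered method implementation concrete, the following added example (not Appdome's code and not a description of how Appdome implements the feature) checks which Mach-O image currently supplies a method's implementation. `DemoSDKSession`, `ImagePathForAddress` and `ForeignImageForMethod` are hypothetical names, and the token string is a constructed sample value.

```objective-c
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>
#import <string.h>

// Hypothetical SDK class whose method should keep its original implementation.
@interface DemoSDKSession : NSObject
- (NSString *)authToken;
@end

@implementation DemoSDKSession
- (NSString *)authToken { return @"constructed-sample-token"; }
@end

// Path of the Mach-O image containing addr, or NULL if it cannot be resolved.
static const char *ImagePathForAddress(const void *addr) {
    Dl_info info;
    if (addr == NULL || dladdr(addr, &info) == 0) return NULL;
    return info.dli_fname;
}

// Returns nil when the method's current IMP lives in the same image as this
// check (the SDK binary). Otherwise returns the path of the image that now
// supplies the implementation, or a marker string if it cannot be resolved.
static NSString *ForeignImageForMethod(Class cls, SEL sel) {
    Method m = class_getInstanceMethod(cls, sel);
    if (m == NULL) return @"<missing method>";
    const char *own = ImagePathForAddress((const void *)&ImagePathForAddress);
    const char *cur = ImagePathForAddress((const void *)method_getImplementation(m));
    if (own == NULL || cur == NULL) return @"<unresolved>";
    return strcmp(own, cur) == 0 ? nil : @(cur);
}

int main(void) {
    @autoreleasepool {
        SEL sel = @selector(authToken);
        NSLog(@"before: %@", ForeignImageForMethod([DemoSDKSession class], sel));

        // Simulate a replaced implementation by pointing the method at an IMP
        // that lives in another image (NSObject's -description).
        Method target = class_getInstanceMethod([DemoSDKSession class], sel);
        Method other = class_getInstanceMethod([NSObject class], @selector(description));
        method_setImplementation(target, method_getImplementation(other));

        NSLog(@"after: %@", ForeignImageForMethod([DemoSDKSession class], sel));
    }
    return 0;
}
```

The comparison only shows which image supplies the implementation, so a replacement that lives in the same image passes unnoticed. Legitimate swizzling by tools such as the crash reporters mentioned above would need an allowlist of expected images.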
Prerequisites for Using Anti Swizzling with Appdome SDKProtect™
Before starting the process of securing your SDK with Appdome, ensure you have the following:
- Appdome account (create a free Appdome account here)
- A license for Anti Swizzling
- A valid xcframework.zip file
How to Implement Anti Swizzling in iOS SDKs Using Appdome
On Appdome, follow these 3 simple steps to secure iOS SDKs:
- Designate the mobile SDK to be protected.
1.1 Upload a mobile SDK via the Appdome Mobile Defense platform GUI or via Appdome’s DEV-API or CI/CD Plugins.
1.2 iOS Formats: xcframework.zip file
1.3 Anti-Swizzling is compatible with Objective C.
- Select the defense: Anti-Swizzling
2.1. Create and name the Fusion Set (security template) that will contain the Anti Swizzling feature as shown below:
Figure 1: Fusion Set that will contain the anti-swizzling feature
Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
2.1.1 When you select Anti Swizzling, you’ll notice that the Fusion Set you created in step 2.1. now bears the icon of the protection category that contains Anti Swizzling.
Figure 2: Fusion Set that displays the newly added Anti Swizzling protection.
Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).
2.1.2 Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set. Copy the Fusion Set ID from the Fusion Set Detail Summary (as shown below):
2.1.3 Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, Jenkins, Travis, Team City, Circle CI, or other systems:
2.1.3.1 Refer to the Appdome API Reference Guide for API building instructions.
2.1.3.2 Check Appdome’s GitHub Repository for sample APIs.
2.2 Add the Anti Swizzling feature to the security template
2.2.1 Navigate to the Build SDKProtect™ section in the Appdome Console.
2.2.2 Toggle On SDK Threat-Shielding > Threat-Streaming > App Shielding
Note: The checkmark feature Injected Framework Swizzling is enabled by default, with Threat Events as shown below.
Important! If you wish to use threat events for in-app swizzling, ensure you have integrated the “frameworkmethodswizzling” threat event into your SDK prior to uploading. For more details on how to implement threat events for In-App Swizzling, see: How to use SDK Input Threat Events for iOS XCFrameworks
Figure 3: Selecting Anti Swizzling
2.2.3 Select the Threat-Event™ In-App Defense or In-App Detection policy for Injected Framework Swizzling:
2.2.3.1 Threat-Events™ ON > In-App Detection
When this setting is used, Appdome detects Injected Framework Swizzling and passes Appdome’s Threat-Event™ attack intelligence to the SDK’s backend for processing and enforcement.
2.2.3.2 Threat-Events™ ON > In-App Defense
When this setting is used, Appdome detects and defends against Injected Framework Swizzling and passes Appdome’s Threat-Event™ attack intelligence to the SDK’s business logic for processing.
- Initiate the build command either by clicking Build My SDK or via your CI/CD.
Congratulations! The Anti Swizzling protection has been added to your mobile SDK.
Certify the Anti Swizzling feature in iOS SDKs
After building Anti-Swizzling, Appdome generates a Certified Secure™ certificate to guarantee that the protection has been added and is protecting the SDK. To verify that the Anti Swizzling protection has been added to the mobile SDK, locate the protection in the Certified Secure™ certificate as shown below:
Related Articles:
- How to Use Appdome SDKProtect to Secure Mobile iOS SDKs
- How to Defend Against MiTM (Man-in-the-Middle) Attacks in Mobile SDKs
- How to Protect Info.plist Files in iOS SDKs
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.