How to Prevent Running on Simulators in iOS SDKs

Last updated November 21, 2024 by Appdome

What are Simulators?

Simulators are software environments that replicate the behavior of mobile devices (like smartphones and tablets) on computers. They are commonly used by developers for testing and debugging mobile apps without needing a physical device. However, simulators can also be exploited by attackers to analyze or reverse-engineer mobile applications, which can compromise the security of an app or its SDK.

How Does Appdome Protect Mobile SDKs from Malicious Simulators?

Appdome ensures that mobile SDKs are secure from threats associated with simulators by enforcing execution only on physical devices. Specifically, Appdome achieves this by:

  1. Blocking Execution on Simulators: Appdome detects when an SDK is running on a simulated environment and prevents it from executing, making it harder for attackers to use simulators to analyze the SDK.
  2. Removing Support for Simulator Architectures: Appdome automatically removes support for x86 and ARM simulator architectures during the build process. This ensures that the protected SDKs cannot run on simulators, limiting exposure to reverse engineering or other attacks.

By implementing these protections, Appdome helps SDK vendors ensure that their SDKs are only usable on real, physical devices, safeguarding them from unauthorized access and potential misuse in simulated environments.

Prerequisites for Using Prevent Running on Simulators with Appdome SDKProtect™

Before starting the process of securing your SDK with Appdome, ensure you have the following:

How to Implement Prevent Running on Simulators in iOS SDKs Using Appdome

On Appdome, follow these 3 simple steps to secure iOS SDKs:

  1. Designate the mobile SDK to be protected.
    1.1 Upload a mobile SDK via the Appdome Mobile Defense platform GUI or via Appdome’s DEV-API or CI/CD Plugins.
    1.2 iOS Formats: xcframework.zip file
    1.3 Prevent Running on Simulators is compatible with Objective-C.
  2. Select the defense: Prevent Running on Simulators
    2.1. Create and name the Fusion Set (security template) that will contain the Prevent Running on Simulators feature as shown below:

    Figure 1: Fusion Set that will contain the anti-swizzling feature
    Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
    2.1.1 When you select Prevent Running on Simulators, you’ll notice the Fusion Set you created in step 2.1. now bears the icon of the protection category that contains Prevent Running on Simulators.

    Figure 2: Fusion Set that displays the newly added Prevent Running on Simulators protection.
    Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).

    2.1.2 Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set. Copy the Fusion Set ID from the Fusion Set Detail Summary (as shown below):

    Copy Fusion set ID

    2.1.3 Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, Jenkins, Travis, Team City, Circle CI, or other systems:
    2.1.3.1 Refer to the Appdome API Reference Guide for API building instructions.
    2.1.3.2 Check Appdome’s GitHub Repository for sample APIs.

    2.2 Add the Prevent Running on Simulators feature to the security template
    2.2.1 Navigate to the Build SDKProtect™ section in the Appdome Console.
    2.2.2 Toggle On SDK Threat-Shielding > Prevent Running on Simulators

    Figure 3: Selecting Prevent Running on Simulators

  3.  Initiate the build command either by clicking Build My SDK or via your CI/CD.
Congratulations! The Prevent Running on Simulators protection has been added to your mobile SDK.

Certify the Prevent Running on Simulators feature in iOS SDKs

After building Prevent Running on Simulators, Appdome generates a Certified Secure™ certificate to guarantee that the protection has been added and is protecting the SDK. To verify that the Prevent Running on Simulators protection has been added to the mobile SDK, locate the protection in the Certified Secure™ certificate as shown below:

Iosxcframework Certificate Prevent Ios Sdks From Running On Simulators
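
An independent check of the simulator-architecture removal described above, added here as an example (not Appdome's code or tooling): it reads the standard `Info.plist` manifest inside an `xcframework.zip` and lists any slices still declared for the simulator. It assumes the removal is reflected in that manifest; `Example.xcframework` and the sample slices are constructed.

```python
import io
import plistlib
import zipfile


def simulator_slices(xcframework_zip):
    """Return (LibraryIdentifier, architectures) for every simulator slice
    declared in any *.xcframework/Info.plist inside the archive."""
    found = []
    with zipfile.ZipFile(xcframework_zip) as zf:
        manifests = [n for n in zf.namelist()
                     if n.endswith(".xcframework/Info.plist")]
        if not manifests:
            raise ValueError("no .xcframework/Info.plist in archive")
        for name in manifests:
            info = plistlib.loads(zf.read(name))
            for lib in info.get("AvailableLibraries", []):
                ident = lib.get("LibraryIdentifier", "")
                variant = lib.get("SupportedPlatformVariant", "")
                # Xcode marks simulator slices with this variant key and
                # a "-simulator" suffix on the slice identifier.
                if variant == "simulator" or ident.endswith("-simulator"):
                    found.append((ident, lib.get("SupportedArchitectures", [])))
    return found


def sample_zip(libraries):
    """Build a constructed xcframework.zip in memory (manifest only)."""
    manifest = {"CFBundlePackageType": "XFWK",
                "XCFrameworkFormatVersion": "1.0",
                "AvailableLibraries": libraries}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Example.xcframework/Info.plist", plistlib.dumps(manifest))
    buf.seek(0)
    return buf


# Constructed sample slices: one device slice, one simulator slice.
DEVICE = {"LibraryIdentifier": "ios-arm64", "LibraryPath": "Example.framework",
          "SupportedArchitectures": ["arm64"], "SupportedPlatform": "ios"}
SIMULATOR = {"LibraryIdentifier": "ios-arm64_x86_64-simulator",
             "LibraryPath": "Example.framework",
             "SupportedArchitectures": ["arm64", "x86_64"],
             "SupportedPlatform": "ios",
             "SupportedPlatformVariant": "simulator"}

if __name__ == "__main__":
    for label, libs in (("with simulator slice", [DEVICE, SIMULATOR]),
                        ("device only", [DEVICE])):
        print(label, simulator_slices(sample_zip(libs)))
```

In a CI job, pass the path of the built `xcframework.zip` to `simulator_slices` and fail the step if the returned list is not empty.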


How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
