IPA Architecture
- IPA File
  - Payload
    - {appname}.app
      - Application Binary
      - Mobile Provision File
      - Code Signature
      - Bundled Resource File
  - iTunesArtwork
  - iTunesMetadata.plist
Insecure Local Data Storage
- PropertyList files
- NSUserDefaults class
- KeyChain
- CoreData and SQLite databases
Apple Data Protection API
- Complete Protection (NSFileProtectionComplete)
- Protected Unless Open (NSFileProtectionCompleteUnlessOpen)
- Protected Until First User Authentication (NSFileProtectionCompleteUntilFirstUserAuthentication)
- No Protection (NSFileProtectionNone)
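An added example (not part of the original notes) showing how the protection classes above are applied and audited on a device. The `GR`-prefixed helper names are hypothetical, and the audit assumes it is run against the app's own sandbox directory.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper: write data so the file is encrypted with
// NSFileProtectionComplete from the moment it is created.
static BOOL GRWriteProtected(NSData *data, NSString *path, NSError **error) {
    return [data writeToFile:path
                     options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                       error:error];
}

// Hypothetical audit: return every regular file under `root` whose
// protection class is missing or is not NSFileProtectionComplete.
static NSArray<NSString *> *GRFindWeaklyProtectedFiles(NSString *root) {
    NSFileManager *fm = [NSFileManager defaultManager];
    NSMutableArray<NSString *> *weak = [NSMutableArray array];
    for (NSString *rel in [fm enumeratorAtPath:root]) {
        NSString *path = [root stringByAppendingPathComponent:rel];
        NSDictionary *attrs = [fm attributesOfItemAtPath:path error:NULL];
        // Skip directories, symlinks and anything we cannot stat.
        if (![attrs[NSFileType] isEqualToString:NSFileTypeRegular]) continue;
        // The key may be absent where Data Protection is not enforced
        // (for example the Simulator); treat that as weak.
        NSString *cls = attrs[NSFileProtectionKey];
        if (![cls isEqualToString:NSFileProtectionComplete]) {
            [weak addObject:path];
        }
    }
    return weak;
}

// Hypothetical remediation: raise an existing file to Complete Protection.
static BOOL GRUpgradeProtection(NSString *path, NSError **error) {
    NSDictionary *attrs = @{NSFileProtectionKey : NSFileProtectionComplete};
    return [[NSFileManager defaultManager] setAttributes:attrs
                                            ofItemAtPath:path
                                                   error:error];
}
```

A file under NSFileProtectionComplete is inaccessible while the device is locked, so files the app must read or write in the background need one of the other classes listed above.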
NSTimeZone
```objc
NSTimeZone *timeZone = [NSTimeZone localTimeZone];
// Asia/Shanghai
NSString *name = timeZone.name;
// GMT+8
NSString *abbreviation = timeZone.abbreviation;
```
Prevent Buffer Overflows
- Address Space Layout Randomization (ASLR)
- Automatic Reference Counting (ARC)
- Stack Protectors
System Call
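```objc
- (void)makeCall:(NSString *)phone {
    // telprompt:// shows a confirmation prompt before dialing
    NSString *phoneNumber = [@"telprompt://" stringByAppendingString:phone];
    NSURL *url = [NSURL URLWithString:phoneNumber];
    // openURL: is deprecated since iOS 10; use the options/completionHandler variant
    [[UIApplication sharedApplication] openURL:url options:@{} completionHandler:nil];
}
```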
NSString to NSURL
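```objc
// URLQueryAllowedCharacterSet leaves '&', '=', '+' and '?' unescaped, so it suits
// a whole URL string, not an individual query parameter value
NSString *encodeURL = [string stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLQueryAllowedCharacterSet]];
NSURL *url = [NSURL URLWithString:encodeURL];
```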