Defense for your iOS App
iMAS helps developers encrypt app data, prompt for passwords, prevent app tampering, and enforce enterprise policies on iOS devices.
Download, compile in, and secure more.
Encrypted Core Data
Encrypt your app's Core Data persistence store using SQLCipher.
[Encrypted Core Data] is a great library, and I hope to put it into production use soon. Thank you!
App Password
Prevent unauthorized users with a password or scrambled keypad prompt.
[iMAS] takes considerable worry out of dealing with security, and allows us to concentrate on coding features for our customers.
Security Check
Register callbacks if the device is jailbroken or if a debugger is attached.
[Security Check is a] very interesting project, we plan to investigate further and apply to our product.
Security at the app level.
Currently, iOS has limited app-level security controls. iMAS gives you common components to authenticate users, encrypt your app SQLite data, and use a secure keychain—all at the app level.
Safeguard your app runtime.
Whether you need to check for jailbreaks or debuggers, mitigate against binary patching, or secure sensitive information in memory iMAS helps your app protect itself in a hostile environment.
Enterprise-ready, Startup fast.
Mobile apps are increasingly being trusted with sensitive data, so it's important to keep them secure. iMAS has been used to secure healthcare data and has demonstrated a cost-effective way to add security controls to existing apps.
Security Components
With lots of stars and many forks, iMAS thanks GitHub developers for helping spread the word!
Encrypted Core Data
Encrypt your app's Core Data persistence store using SQLCipher.
App Password
Prevent unauthorized users with a password or scrambled keypad prompt.
Security Check
Register callbacks if the device is jailbroken or if a debugger is attached.
Secure Foundation
Secure components enabling application authentication, secure file storage, and app level file-based keychain to your app. Added File Shred - Removes app data file after shreding contents
Passcode Check
Ensure that the device passcode is set and is sufficiently complex.
Forced Inlining
Mitigate against memory editing by forcing functions to be inlined instead of referenced.
Memory Security
Encrypt memory at run-time, encrypted memory manager, anti-tamper checksum, and scrub on exit. Updated to include address range checks for advanced anti-tamper mitigation
Single Sign On
Simple MDM Single Sign On solution for application level logins.
Encrypted Code Modules
Mitigates static attacks - allows sections of source code to be encrypted into a .dylib at build time and decrypted at run-time. Includes Application Integrity Checker example app
Coming Soon...
- iRASP – iOS Runtime Application Self-Protection - Application instrumentation enabling security detection and prevention
- iLAD – iOS Leak Analysis and Detection - Extend PiOS research, static call graph and data loss analysis for iOS
- Dynamic App Bundling research - App repackaging techniques
Stretch Goals ...
- Off device trust - iOS Lightning Connector and trusted smart charger research
Outreach
OWASP AppSec USA 2014, Sept 2014, Denver Colorado, Defender Track