You have already been downloading apps from the app stores for quite some time. And, with time, you’ve found out more about how to protect your apps from reverse engineering. Here are some dos and don’ts for you to know about safeguarding apps from reverse engineering using technologies like obfuscation and compression:
1. Do use a secure signing certificate.
It is essential not to create an application that allows anyone to easily decompile or just download it without going through the effort of buying a legitimate license key. Do use an encryption algorithm to protect data from reverse engineering. You can also use the concept of secure containers in cryptography to create a closed system of digital certificates through reverse engineering.
2. Top ways to protect apps from reverse engineering
In this section, I am going to share with you the top 10 ways that you can use to protect your mobile apps from reverse engineering. You can also use software available in the market like ZODB, Moon, and so on. Don’t use default values that can be changed by anyone with little knowledge of the code. Also, do not store private information like user IDs and passwords within apps.
3. Do use a secure signing certificate
It is essential not to create an application that allows anyone to easily decompile or just download it without going through the effort of buying a legitimate license key. Other than that, you would also want to protect your applications from reverse engineering. This can be achieved by using a digital signature. A digital signature is a unique identifier that is generated by the developer’s machine and applies only to the app. The following steps explain this in detail: Open your development tools and create a new project for your mobile application. You will be developing a simple app using Xcode, which I will now discuss in detail:
4. Apple Provisioning Portal
You have to turn on the “Apple Provisioning Portal” in Xcode. Enabling this step will help you to use the Apple provisioning portal in order to generate a valid digital certificate using your developer ID. If you don’t want to do this, you can just download the Certificate Signing Request (CSR) yourself and then email it back to Apple instead. After confirming that you have activated the provisioning portal in your developer account, go to https://developer.apple.com/account/ and click on “Generate a reverse engineering Certificate Signing Request” in the Apple developer section:
5. Generating the CSR
After confirming that you have accepted the terms and conditions, and after reviewing the information service agreement and being asked to select a provisioning profile, you will see an option to choose which Apple account you want to use as your identity authority: Once you have chosen a developer account as your identity authority, this will open up a new window where you can generate your CSR. You will first have to enter your full name and country, as well as your email address. Once that is done, click on the Continue button: You will then have a new screen where you can upload your CSR file, generate an encrypted version of your CSR file, or just download it locally to your machine as a PEM file.
6. Downloading the PEM file
Once you have downloaded the PEM file, you have to upload it to your developer account as shown here: After you have uploaded the .PEM file to your developer account, go back to the Apple Developer portal and click on the “Create Your Identity Certificate” button from the identity section: On this next page, you will be asked to fill in all the details of your certificate request and submit it. Once that is done, Apple will review the submission and generate a digital certificate for your application: Now that you have successfully generated your certificate, you will have to go back to your development environment and copy the .PEM file. You can now use this digital certificate in the App ID field of your Xcode provisioning profile:
7. iOS App ID
After you have successfully done all the above steps, open up Xcode and create a new project, select “iOS Application” as the template and then click on the “Next” button: In the next window, you will be asked to create an App ID for your app. You can now use the “iOS App ID” value in the existing Xcode project, or you can create a new one. After that, click on the “Next” button: In the next step, fill in all the details about your mobile application, like its name, identifier type, and so on. The measures also explain how to use a Development Team member as an identity authority for your certificate: In this next window, you can also select the certificate you want to use to sign your application along with the provisioning profile:
8. Selecting Options
Once you have selected all the available options, click on the “Next” button. Xcode will now ask you to save a .mobileprovision file that will be used later on by your application to install on other devices: Click on the “Save” button and then go ahead and click on the “Finish” button. Xcode will now generate the .mobileprovision file and save it in the same directory where your project has been saved: You will then see a new window appear where you can go ahead and unzip this .mobileprovision file to get the certificate for your application:
9. X Coding
You have now successfully uploaded a digital certificate for your mobile application that will be used to sign applications on other devices. Now download the .cer file from the developer portal and unzip it: Copy the .cer file and go to your development environment. Connect your device to your computer using a USB cable, open up an application like Windows Explorer, choose the directory where you have unzipped the certificate, and paste the .cer file there: Once you have pasted the .cer file in this directory, click on the “Install Certificate” button in Xcode. Xcode will then ask you to agree with the terms of the agreement. After you have agreed with the terms and conditions, click on the “Allow” button:
10. Development tools handling
Xcode will then upload the certificate to your device and will then keep it in mind for future use:
Now, whenever you build and run your app, it will automatically lock your application with a validity period of one year from the current date. This can be changed in your development tools by going to your “Build Settings” and then selecting the date you want to use for signing a new application: Here is what the configuration screen will look like after you have customized this setting: You can now save the .mobileprovision file, which you have created inside Xcode, back in your developer account in order for it to be downloaded on other devices.
11. Digital certificate
After you have saved this file in your developer account, you can now go back to your device and check whether the digital certificate is there or not: If everything goes right and the digital certificate is installed on your device, you will then see a little lock after tapping on the “Build & Run” button: Now that you have successfully signed your application, here are some of the things that can be done with it once it has been signed:
You can make your app available for download from the App Store by going to iTunes Connect and selecting the “View status” option: After that, in this next screen, you will be able to view which devices the app is available on: You can also update an existing application by clicking on the “Update” button: The following screenshot shows you how your app will appear in iTunes when it has been successfully updated: