All of your app code belong us

GoMo News discovers the dangers of decompiling

Whilst attending the Digital Services World Congress 2013 at London’s Bond Street, GoMo News happened to run into Arxan Technologies. This company specialises in helping app developers prevent their hard crafted code from being hijacked by villaneous hackers. We’d assumed that this problem only really affected those writing apps for the Android world. But we were wrong it affects the Apple/iOS developer community, too. In the process we also discovered the art of decompiling.

So imagine you’ve just created a world beating iOS app which you’ve managed to get successfully hosted on Apple’s iTunes app store.

Your code is safe right? Well not according to Arxan it certainly isn’t.

The company actually outlines the simple steps that a code hijacker could take to steal your precious IPR/code.

First off the villain downloads your app to a jailbroken iPhone. Your code is encrypted but it can be broken very simply with a tool such as ‘clutch’.

Next you dissasemble the decrypted app using a readily available tool such as Hopper Disassembler.

Worst still, Hopper is capable of then ‘decompiling’ the dissasembled code which turns it back into high level source code.

Once you’ve reached this stage you can start to perform all sorts of nasties on an application which to all intents and purposes will appear to be kosher [genuine].

It’s a nightmare but it gets worse. Arxan says it is relatively simple to modify an app which should detect that its running on a ‘jailbroken’ [cracked] or ‘rooted’ handset so that such detection fails.

So it is entirely possible that you will find your precious app code circulating on rogue sites.

Try complaining and you will probably receive the infamous retort [Mike MageeTM] from hackers that “All of your app code belong us.”

Obviously the guys at Arxan will explain how to avoid this situation – at a price, of course.

About Tony Dennis

Tony is currently Editor of GoMobile News. He's a veteran telecoms journalist who has previously worked for major printed and online titles. Follow him on Twitter @GoMoTweet.
This article was published in android, iOS, mobile developers, mobile security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>