SDK-based Security Framework Design In IOS

Mobile App applications have become an important part of people's work and life.It brings convenience to the work and life of people while bringing security problem like fake identity,consumption rates,privacy leaks,source code leak and etc.Although the security of i OS system is strong,i OS APP developers' ability ranges a lot,which leading to the serious App application security issues.This paper deeply analyzed the main security threats deeply existing in the stage of i OS application development,then on the analyzing the defects and problems of exist i OS mobile application security protection technology,and we proposed based on SDK security framework.The framework consists of the following five functional modules:1)Secure keyboard module: Use custom security keyboard instead of the original system keyboard and monitor the recording process by runtime,to effectively preventing users from leakage by entering information.2)Secure preserve user data module: Different encryption schemes are given according to the different data types.3)App sensitive information storage module: We designed and implemented the SSkeychain security storage container and encrypted the plist file.4)Source code protection module: Fuzz the file name,method name,class name,and so on in the source code of App application.5)Security hotfix module: The hotfix script is transmitted by the HTTPS protocol,and the local executable hotfix script code uses hash algorithm to verify its integrity.Furthermore,this paper implements the security protection SDK and tests the correctness of its function by using three applications while analyzing its performance at the same time.The result shows that SDK has no influence on the original App business while protecting the App.Finally,we analyzes the security of SDK itself.The security keypad proposed in this paper improves the scheme of random arrangement key,adding the function of removing the system cache and preventing the screen-recording attack,which is more effective in preventing input information from being stolen by attackers.Encryption of classified users' data fundamentally solve the unsafe threat of i OS sandbox.The keychain interfaces encapsulated in this paper removing some constants on the official API improve the development efficiency of the developer.In addition,this paper improves the content of App source code fuzzing,so that increases the difficulty of the attacker to analyze the source code.Finally,this article uses the HTTPS protocol and hash algorithm to ensure that the update script can be called safely by the App.