Contact us

BOOK A PRESENTATION

How to Integrate ASEE’s Integrity Check Solution into your iOS app   

August 7, 2024
NO NAME
Integrity check was developed for the purpose of detecting malicious modifications of iOS mobile applications. The solution is designed as a combination of macOS application and the SDK for iOS mobile applications. In this blog, we will guide on how to integrate and use Integrity check.

Requirements

PlatformsPrerequisites
iOSmacOS– v11.0+ (Big Sur or higher)
Integrity SDK – v12.0+

Step 1: Set Up in Xode

Copy ASEEIntegritySDK.framework

First step is to copy the provided ASEEIntegritySDK.framework file from the release package to the iOS Xcode project

Embed and Sign framework

Then set the embed parameter to Embed & Sign

Disable Bitcode

After that, in Build Settings, set Enable Bitcode option to NO

Step 2: Integrate the SDK into your app

Next we move onto integrating the sdk by adding the import statement into our code where we wish to check for integrity of our app.

Add “import ASEEIntegritySDK”

This can be done on app start in App Delegate or through out the app where possible sensitive information might be processed.

Next up intilize the SDK by providing a valid licence.

    func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // Override point for customization after application launch.
        do {
            try IntegrityValidator.initialize(licenceKey: "xxx-xxx-xxx-xxx-xxx")
        }catch {
            print("Failed to initialize with error: \(error)")
        }
        return true

To validate the integrity of the app, call the function validateIntegrity. In this section, you can define what action the app should take in case of invalid integrity. For example, you can terminate the app or, to provide a better user experience, display a dialog that explains why the app can’t proceed.

    private func checkIntegrity() {    
        IntegrityValidator.validateIntegrity {
            self.setIntegrityOkImage()
        } failure: { error in
            self.setIntegrityCompromisedImage()
            print("Integrity check failed with error: \(error)")
        }

Step 3. Build and publish your app

The next part is validating your app with the Mac OS app provided in the bundle.

Step 1. Build .ipa file

Step 3. Use ASEEIntegrityCheck Mac App

Open the provided app and enter a valid license.

Drag and drop the .ipa file and the corresponding .mobileprovision file in the designated areas of the MacOS application

Once the main app signature value is successfully calculated the .ipa file generated by the ASEE Integrity check tool can be run on an iOS device or uploaded to the App Store

Tip

If your MacOS application can’t open, go to System Preferences -> Security and Privacy -> General and select Open Anyway button for ASEEIntegrityCheck application.

Conclusion

Securing our app's integrity is one of the key measures for fighting against app attacks and malicious exploitations. By adding integrity checks in our app, we are adding additional security checks before accessing sensitive information and providing our customers best and safest experience.

Karolina Škunca

Karolina is an iOS Software Developer. She works on preventing security attacks on iOS phones and frequently tests ASEE’s applications. Her greatest passions are designing and developing new applications.

Want to learn more about cybersecurity trends and industry news?

SUBSCRIBE TO OUR NEWSLETTER

CyberSecurityhub

chevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram