Platforms | Prerequisites |
iOS | macOS– v11.0+ (Big Sur or higher) |
Integrity SDK – v12.0+ |
Copy ASEEIntegritySDK.framework
First step is to copy the provided ASEEIntegritySDK.framework file from the release package to the iOS Xcode project
Embed and Sign framework
Then set the embed parameter to Embed & Sign
Disable Bitcode
After that, in Build Settings, set Enable Bitcode option to NO
Next we move onto integrating the sdk by adding the import statement into our code where we wish to check for integrity of our app.
Add “import ASEEIntegritySDK”
This can be done on app start in App Delegate or through out the app where possible sensitive information might be processed.
Next up intilize the SDK by providing a valid licence.
func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
// Override point for customization after application launch.
do {
try IntegrityValidator.initialize(licenceKey: "xxx-xxx-xxx-xxx-xxx")
}catch {
print("Failed to initialize with error: \(error)")
}
return true
To validate the integrity of the app, call the function validateIntegrity. In this section, you can define what action the app should take in case of invalid integrity. For example, you can terminate the app or, to provide a better user experience, display a dialog that explains why the app can’t proceed.
private func checkIntegrity() {
IntegrityValidator.validateIntegrity {
self.setIntegrityOkImage()
} failure: { error in
self.setIntegrityCompromisedImage()
print("Integrity check failed with error: \(error)")
}
Step 3. Build and publish your app
The next part is validating your app with the Mac OS app provided in the bundle.
Step 1. Build .ipa file
Open the provided app and enter a valid license.
Drag and drop the .ipa file and the corresponding .mobileprovision file in the designated areas of the MacOS application
Once the main app signature value is successfully calculated the .ipa file generated by the ASEE Integrity check tool can be run on an iOS device or uploaded to the App Store
Tip
If your MacOS application can’t open, go to System Preferences -> Security and Privacy -> General and select Open Anyway button for ASEEIntegrityCheck application.
Securing our app's integrity is one of the key measures for fighting against app attacks and malicious exploitations. By adding integrity checks in our app, we are adding additional security checks before accessing sensitive information and providing our customers best and safest experience.
Karolina is an iOS Software Developer. She works on preventing security attacks on iOS phones and frequently tests ASEE’s applications. Her greatest passions are designing and developing new applications.