
Category: iOS AppSec

Basic Hands-on with iOS App Development

Before performing source code review, you should get some hands-on experience with developing an iOS application. In this post, I will show you some of the possible steps to get started. You will spend roughly 30 hours on developing some iOS applications and learning some of the common libraries in Swift 5.

Initial Readings – 6 hours

Read App Development with Swift

Build a Simple iOS application – 4 hours

Now it is time to write some code. The purpose of this exercise is to understand the basic structure of an iOS application, such as:
– Linking UI objects (e.g. UIImage, buttons, sliders etc.) in the Main storyboard to the View Controller
– How a function in the ViewController can update the values of UI objects
– Naming UI objects
– Uploading images into the Assets.xcassets directory
– Initialising variables in Swift
– The difference between the ‘var’ and ‘let’ declarations (var declares a mutable variable, while let declares a constant)

Example of a simple Dice app (that changes randomly on every roll) from iOS Boot Camp

Build an intermediate iOS application – 8 hours

Build an application which stores data locally. The types of data should also include sensitive data such as username and password.

Understand the purpose of UserDefaults. The data is saved as a plist. It is not a database, so use it only to store a few KB of data, not large amounts of data.

Data Storage Methods:
1. UserDefaults
2. Encode Data into plists
3. Keychain (an API to store sensitive data, e.g. username, password etc., securely)
4. SQLite
5. Core Data (Object Oriented Database)
6. Realm
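
As an added example (not code from the original post), here is the same password stored first in UserDefaults and then in the Keychain, which is the contrast to look for when reviewing how an app persists credentials. The service name, account name and function names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers, used only in this example.
let service = "com.example.demo.login"
let account = "alice"

// "Before": UserDefaults persists the value as a plain string in the app's
// preferences plist, readable by anyone who can read the app container or a backup.
func savePasswordInsecurely(_ password: String) {
    UserDefaults.standard.set(password, forKey: "password")
}

// "After": store the secret as a generic-password Keychain item.
func savePassword(_ password: String) -> OSStatus {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Remove any earlier item so SecItemAdd does not fail with errSecDuplicateItem.
    SecItemDelete(base as CFDictionary)

    var attributes = base
    attributes[kSecValueData as String] = Data(password.utf8)
    // Readable only while the device is unlocked; not restored onto another device.
    attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    return SecItemAdd(attributes as CFDictionary, nil)
}

// Read the item back; returns nil if it is missing or cannot be decoded.
func loadPassword() -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let data = result as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}
```

During review, a `UserDefaults.standard.set` call whose key or value relates to credentials or tokens is the pattern to flag, with a Keychain item as the expected replacement.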

Build another intermediate iOS application – 12 hours

Recommended Resources:


Intro to iOS Application Security

<Draft version>
The purpose of this blog series is to help an Application Security engineer to learn enough about iOS application security in order to perform source code review. The posts will also require hands-on testing as this will increase understanding of the vulnerabilities.


  • iOS Application Security
  • iOS Hacker’s Handbook
  • Advanced Apple Debugging & Reverse Engineering
  • Mac OS X and iOS Internals
    • Volume I: User Mode (v1.3)
    • Volume II: Kernel Mode
    • Volume III: Security & Insecurity
  • The Mobile Application Hacker’s Handbook
  • OWASP Mobile Application Security Verification Standards (MASVS)
  • OWASP Mobile Security Testing Guide (MSTG)
  • Apple Secure Coding