iOS Obfuscation Detected

iOS Obfuscation Detected

Risk: secure

Description

Obfuscation signals were detected in the iOS application. Obfuscation makes static analysis and reverse engineering more difficult by reducing the readability of symbols, strings, or other implementation details that would otherwise help an attacker understand the application internals quickly.

This is a resilience control rather than a guarantee of security. Obfuscation can increase the effort required to analyze or modify the application, but it should be combined with stronger protections such as anti-tampering, anti-debugging, jailbreak detection, and server-side authorization checks.

Recommendation

This entry is informative, no recommendations applicable.

Links

• OWASP MASTG - iOS Obfuscation (MASTG-KNOW-0089)
• OWASP MASTG - Testing Obfuscation (MASTG-TEST-0093)
• OWASP MASVS - MASVS-RESILIENCE-3
• Apple Developer - Reducing Your App's Size

Standards

• OWASP_MASVS_RESILIENCE:
  • MSTG_RESILIENCE_4
  • MSTG_RESILIENCE_9
  • MSTG_RESILIENCE_11
  • MSTG_RESILIENCE_12
• OWASP_MASVS_v2_1:
  • MASVS_RESILIENCE_2
  • MASVS_RESILIENCE_3
  • MASVS_RESILIENCE_4
• OWASP_ASVS_L3:
  • V10_1_1
  • V10_2_3