Skip to content

Debug Symbols Present in the Application

Debug Symbols Present in the Application

Description

The application should provide as little explanatory information as possible with the compiled code. Metadata such as debugging information, line numbers, and descriptive function or method names make the binary or byte-code easier to reverse engineer.

These symbols can be saved in "Stabs" format, the DWARF format, or in .symbols r .symbolsmap files. It is noteworthy that most crash reporting tools support uploading symbols to perform stack trace symbolization and don't require symbols to be present in the application.

Recommendation

To remove all symbols and debug data from your application:

  1. Open Xcode.
  2. Open application project in Xcode.
  3. Navigate to "File" > "Project Settings" in the Xcode menu bar.
  4. Within the Project Settings window, find and select the "Deployment" tab.
  5. Look for the setting named "Strip Debug Symbols During Copy".
  6. Change the value of the "Strip Debug Symbols During Copy" setting to YES.
  7. Save your changes.
  8. Build your application.

Standards

  • OWASP_MASVS_L1:
    • MSTG_CODE_3
    • MSTG_CODE_2
  • OWASP_MASVS_L2:
    • MSTG_CODE_3
    • MSTG_CODE_2
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_6_2
  • OWASP_MASVS_v2_1:
    • MASVS_RESILIENCE_3
    • MASVS_RESILIENCE_4