Introducing RASP Protection in iOS Apps with Swift
Yassine Lafryhi , 27 Aug 2023What is RASP?
RASP or Runtime Application Self-Protection is an advanced security solution that identifies and prevents real-time attacks instantly within the app. It’s integrated into an app’s runtime environment and can detect threats and instantly take action without any human intervention.
Setting Up RASP in iOS
To get started with RASP, we’ll look into the implementation of some primary RASP functionalities:
Debugger Detection
Detecting if a debugger is attached to your application can be crucial in preventing runtime manipulations of your app :
protocol RaspDebuggerDetectionProtocol {
func isDebuggerAttached() -> Bool
}
class RaspDebuggerDetection: RaspDebuggerDetectionProtocol {
static let shared = RaspDebuggerDetection()
private init() {}
func isDebuggerAttached() -> Bool {
var info = kinfo_proc()
var mib: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()]
var size = MemoryLayout<kinfo_proc>.stride
let junk = sysctl(&mib, UInt32(mib.count), &info, &size, nil, 0)
return (info.kp_proc.p_flag & P_TRACED) != 0
}
}
- Example of using the RaspDebuggerDetection singleton :
if RaspDebuggerDetection.shared.isDebuggerAttached() { print("Debugger detected") }
Anti-Tampering
Protecting the integrity of your application against tampering attempts:
class RaspAntiTampering {
func verifyAppIntegrity() -> Bool {
guard let resourceURL = Bundle.main.resourceURL else { return false }
let codePath = resourceURL.appendingPathComponent("CodeResources").path
return FileManager.default.fileExists(atPath: codePath)
}
}
Jailbreak Detection
One crucial aspect of maintaining app security on iOS devices is detecting whether a device has been jailbroken. Jailbroken devices can pose a significant threat since they remove many of the built-in security features of iOS.
class RaspJailbreakDetection {
func isDeviceJailbroken() -> Bool {
// 1. Check for paths that are common for jailbroken devices
let jailbreakFilePaths = [
"/Applications/Cydia.app",
"/Library/MobileSubstrate/MobileSubstrate.dylib",
"/bin/bash",
"/usr/sbin/sshd",
"/etc/apt"
]
for path in jailbreakFilePaths {
if FileManager.default.fileExists(atPath: path) {
return true
}
}
// 2. Check if the app can write to /private
let stringToWrite = "Jailbreak Test"
do {
try stringToWrite.write(toFile: "/private/jailbreak.txt", atomically: true, encoding: .utf8)
// If the app is able to write to /private, it's a jailbroken device
try FileManager.default.removeItem(atPath: "/private/jailbreak.txt")
return true
} catch {
return false
}
}
}
To use this detection mechanism, simply create an instance of RaspJailbreakDetection and call isDeviceJailbroken()`. If the method returns true, it means the device is jailbroken, and you may want to restrict certain functionalities or even display a warning to the user about potential security risks.
Benefits of Implementing RASP
RASP allows developers to:
- Detect and prevent real-time threats.
- Protect sensitive data within the app.
- Provide instant threat responses without human intervention.
- Ensure compliance with security regulations and standards.