How exactly does encrypting binary data work when you can download the
entire application directly on your device?
The exact mechanism for this is not documented because it’s a contract between the OS running on the device and the App Store. It has changed in the past and may change again in the future, and only those two parties actually care [1].
Doesn't this mean Apple is slowing down all apps on the App Store
because it has to decrypt every single instruction from the binary
before running it on the device?
There are limits to how much I can go into this — partly because it’s sensitive, but mostly because I don’t keep track of the details — but I want to stress that the performance impact of this is mitigated by the way that code is loaded on our platforms. When you run an app, the OS does not load all of its code into memory at once. Rather, it’s paged in from your executable file on demand. The pager already has to check the code signature of each page as it brings it in — if you’re curious about how that works, see the discussion of per-page hashes in TN3126 Inside Code Signing: Hashes — and that requires touching every byte in the page. Decrypting the data at the same time isn’t such a big deal.
Also, what's the problem with hard coding sensitive information into
source code if it will be encrypted?
Because you want to be in control of your own destiny here. This scheme is not documented, so there are no guarantees about what will or won’t be encrypted. If you have sensitive information, add your own code to obfuscate it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Well, that and the folks who are working to subvert iOS’s security.