Hello,
What can be the best way of detecting if the app process on iOS is attached to a debugger?( the known ways ptrace() and sysctl() are banned after ios9 so not a solution anymore)
Cheers,
Ap
What can be the best way of detecting if the app process on iOS is attached to a debugger?
Why do you need to know this?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"it is one of the additional protection layer in the concept of self defensive apps view altough has a low likelihood..In past it was possible by using ptrace however the method was banned.. So i am looking for an alternative..
it is one of the additional protection layer in the concept of self defensive apps …
OK. I don’t have any suggestions on that front. Trying to do your own protection like this is pointless IMO. If the attacker controls the environment such that they can attach with a debugger, they can easily disable any check that you might implement.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"yea but we are talking about detective controls and the "easily disable" part depends how you implement it. It is a long story but , as i understood after ios 9 it is quite difficult to implement this feature unless you design some heuristic aproach rather than using syscalls..
Cheers,
Ap