Recently Apple announced the deprecation of BitCode (//developer.apple.com/documentation/Xcode-Release-Notes/xcode-14-release-notes) as a distribution target for apps. It means Apple has deprecated the option to build BitCode apps. BitCode has been largely used because it’s open source and available to everybody.
On one side, the decision made the developer community quite happy, removing complexity in the process. On the other side, it posed some unexpected difficulty to vendors proposing BitCode-based iOS apps obfuscation. Most security vendors designed their iOS obfuscation solution on BitCode, a very convenient approach to hardening the application binary before final linking. Code obfuscation is a powerful technique for protecting code from hackers but letting it remains fully functional.
The direction change from Apple imposes a re-engineering of all those obfuscation solutions, potentially limiting the interest, of some of them, in maintaining such a technology.
But what is the real impact from a security standpoint?
We at XTN Cognitive Security® believe in a revolution in the intellectual property protection approach in iOS apps. Instead of obfuscating the whole application, we should focus on sensible data, protecting them in secure enclaves or on the server side, and providing them on-demand to the app.
At the same time, we should delegate security primitives to specialized tools that can protect their logic with dedicated low-level implementations that offer no valuable information to a reverser. This redesign will provide a stable and reliable foundation for critical data protection without depending on Apple or the ephemeral platform’s features.
The XTN Cognitive Security®platform focuses on content protection instead of generally obfuscating the app. Our RASP and In-App protection technology has a cutting-edge and disruptive approach compared to others vendors. It offers multiple features in iOS to securely store and share sensitive data in the app.