About MAD

The perception that iOS is inherently immune to attacks because of Apple's security model, known as the “Walled Garden”, is dangerous. Jailbroken devices, improper management profiles, logic flaws in the application, and repackaging techniques allow attackers to perform advanced analysis and manipulate application behavior, including on devices that are not jailbroken. Instrumentation and dynamic analysis tools can be used to observe, modify, and exploit application logic when additional protections are not present.

In this context, MAD for iOS offers multi-layered protection for native and cross-platform applications. The solution combines proactive defense mechanisms, protection against static analysis, and advanced obfuscation techniques to hinder reverse engineering and code tampering. The focus is on the integrity of the Objective-C and Swift runtime, protection of sensitive local data, and application of LLVM-based obfuscation, significantly raising the resistance level of the Mach-O binary against analysis and manipulation attempts.

Common Attackers' Objectives

In iOS application attack scenarios, the most frequent objectives include:

• Gaining unauthorized access to the application or protected resources
• Modifying the application's behavior or injecting malicious code
• Performing reverse engineering to extract intellectual property
• Expanding the attack surface and bypassing protection mechanisms

MAD Protection Approach

MAD helps the application withstand these attack vectors by inserting interdependent protection routines, directly coupled to the application binary. These routines enable the application itself to identify attack attempts at runtime and react automatically, applying blocking, mitigation, and alerting policies.

In addition to active detections, MAD implements mechanisms that significantly hinder attackers' ability to read, extract, and understand the code, reducing the effectiveness of static and dynamic analysis.

When an attack attempt is detected at runtime, MAD triggers the configured response, which may include the controlled termination of the application and sending alerts to the Command Center, enabling centralized response and event correlation.

Solution Differentiators

The protection provided by MAD stands out from traditional software security approaches due to the following factors:

• Variable Protection: A seed value is used to define how the code will be protected. With each new application of the seed, the application receives a different protection, making continuous reverse engineering difficult and preventing attackers from accumulating reusable knowledge across versions.
• High Customization: Protections can be adjusted according to the application's sensitivity, performance requirements, and specific business rules. This allows the solution to adapt to different scenarios and client needs while maintaining the balance between security, usability, and performance.
