iOS Application Protection | Protections

keep ahead

of attackers

MAST adds tuneable protections for your app in seconds. It checks that you’re making the most of iOS’s security measures, prevents reverse engineering, evades runtime tampering, and denies Jailbreaks.

Prevent Reverse Engineering

It would take attackers months to analyze your app’s code. That’s because MAST spreads your app’s code across the application, adds dead ends and dummy code, and encrypts the function-call strings.

Selector encryption

Obfuscates your app’s code flow by encrypting function calls. At runtime, your app will decrypt what it needs with no perceptible delay.

Code diffusion

Shuffles your app's code at a low level without impacting execution.

False predicate insertion

Adds false code paths and ‘if’ statements. If an attacker attempts to run the app at these calls in a debugger, a configurable distress signal is triggered.

Final full-binary obfuscation

A final pass translates known operations in the app to an equivalent that is much more difficult to reverse engineer. For example, MAST may replace a simple addition operation with a sequence of bit-shifts.

Evade Runtime Tampering

MAST embeds traps and prevents attackers from studying and modifying your app’s code while it’s running.

Evade Runtime Tampering

Adds code at critical points throughout the program to make sure the app is running on a physical device. This includes checking for the presence of debuggers without affecting the app’s execution.

Deny Triggered Detections

If an attacker attempts to run the app in a debugger to bypass the static obfuscation or leak privileged program behavior, the app will terminate.

Distress Signal

MAST can be configured to alert you and your fraud systems when it detects an attack.

Recognize And Deny Jailbreaks

MAST helps your app look for evidence that it’s running in a vulnerable environment. When detected, your app will turn off and stay off.

Insert Jailbreak Detection

Adds code at critical points throughout the program that verifies the integrity of the iOS platform by checking if the device has been jailbroken or not.

Define Custom Callbacks

Decide how to act if a jailbroken environment is detected: wipe sensitive data, issue a distress signal or run custom code.

Unprotected Code is easy to reverse engineer and debug
MAST prevents attackers from mapping function call strings to their true location in your app’s code
Code obfuscated by MAST is nearly impossible to analyze

Balance Protection With Performance

You get complete control over which protections your bitcode receives. Add them all at full strength, and the binary size and run time will increase by a minimal percentage with limited impact to the deployed app. You can scale back these percentages by setting MAST to protect less of the overall code base.

Make The Most Of iOS's Security Measures Included in free trial!

To fully leverage iOS’s security model, you need deep expertise in app security. No time or not enough experience to address all of these features internally? We’ve got you covered. While MAST compiles your app, it searches for common security oversights. You’ll receive a report of specific issues to address when we return your bitcode. The list of checks grows over time, and includes:

App Transport Security (ATS)

Coming Soon

Proper use of TLS

Coming Soon

Certificate pinning inside your app

Coming Soon

Data Protection API Encryption

Coming Soon

Keychain Services to store passwords and tokens

Coming Soon

Prevent sync to iCloud or iTunes Backups

Coming Soon

Clear background screenshots

Coming Soon

Avoid using NSLog for sensitive information

Coming Soon

Keep sensitive data out of the Keyboard cache

Coming Soon

Custom URL Handlers

Coming Soon

XSS in UI Web Views

Coming Soon

Format Strings

Coming Soon

Directory Traversal

Coming Soon

Null bytes handling

Coming Soon

XML parsing issues

Coming Soon

SQL injection

Coming Soon

Keep Ahead Of The Latest Attacks

New reverse engineering and runtime tampering tools and Jailbreak techniques emerge every day. We know because we monitor for these threats continuously. When we find a new one, we teach MAST how to break it. Every time you recompile your app with MAST’s updated protections, it will break attacker’s newest tools immediately, setting them back to zero.