Getting Started with Defender for iOS
This page provides a general overview of Defender for iOS. It is very important to understand any prerequisites and required command line arguments or configuration file values.
Prerequisites
- Apple Developer account.
- Defender for iOS will build and sign a distributable iOS application. You must be able to sign your application either through settings within your build scheme or by providing individual signing items, such as a mobile provisioning file.
- Xcode 14 or later.
- Xcode Command Line Tools.
- macOS Monterrey 12.5 or later.
- Valid Defender for iOS license.
Using Defender for iOS
Defender for iOS is a command line tool that will harden your Swift and Objective-C iOS applications. By default, Defender for iOS will apply both renaming and control flow obfuscation to your source code. After protections are inserted, Defender for iOS will build and sign the iOS archive (.ipa) file.
Defender for iOS will not modify your original source code, but will instead make modifications to temporary copies of your code. This will allow you to continue to make updates to your application’s code without needing to insert any special code or revert any changes.
To run Defender for iOS, call the executable from a command line, followed by the location of your applications .xcodeproj file and the build scheme you are obfuscating:
$ defenderForiOS ~/Desktop/iOSDevelopment/SampleProject/SampleProject.xcodeproj --scheme SampleScheme
Configuration
Defender for iOS supports a variety of command line arguments as well as a configuration file. For example, you can specify the destination to place your built iOS application, the amount of detail to capture in log files, signing options, and more.
These options are explained in more detail in their respective sections of this user guide.
Code Signing
Code signing uses keys and certificates installed in the local Keychain. Defender for iOS will need the appropriate Private and Public Keys from the Developer or Distribution Certificate installed on the local machine during the code signing phase. Refer to Apple documentation for information on code signing.
If an issue occurs in an attempt to code sign with the warning:
“Defender for iOS” cannot be opened because the identity of the developer cannot be confirmed.
To run it, go to System Preferences > Security & Privacy > General tab > Open Anyway
CI/CD
As a command line tool, you can utilize Defender for iOS within your Continuous Integration/Continuous Delivery pipelines. You can create a predefined configuration file, specify each setting via a command line argument, or use a combination of a file and arguments. Please note that any command line arguments will override options set within a configuration file.