Securing mobile applications and user data is no easy task. There are mistakes waiting to happen. The goal of this talk is to help developers avoid such common mistakes.
We are going to talk about the security mechanisms provided by iOS, about typical mistakes and anti-patterns when using them, and about how to avoid these. We will look at how to protect data at rest and in transit. We will talk about the upcoming ATS enforcement, about Secure Enclave, about malware and about jailbreaks.
Andrey got involved with iOS after Apple released iOS 4, the first version to support proper encryption. That encryption made lawful data extraction harder, and he contributed to solving this problem by developing a tool for extracting and decrypting data from iOS devices. Before iOS he worked on various password recovery tools and, among other things, was the first to use GPUs for password recovery. Andrey has presented at various conferences, such as BlackHat, Troopers, Hackito Ergo Sum, X Con, HitCon, Positive Hack Days, ZeroNights, РусКрипто and others.