Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/futurragroup/securitykit

SecurityKit is a lightweight, easy-to-use Swift library that helps protect iOS apps according to the OWASP MASVS standard, chapter v8, providing an advanced security and anti-tampering layer.
https://github.com/futurragroup/securitykit

cydia encryption-decryption jailbreak jailbreaking obfuscation owasp reverse-engineering security swift vpn

Last synced: 22 days ago
JSON representation

SecurityKit is a lightweight, easy-to-use Swift library that helps protect iOS apps according to the OWASP MASVS standard, chapter v8, providing an advanced security and anti-tampering layer.

Awesome Lists containing this project

README 

          
# SecurityKit



Icon copy




## Overview

SecurityKit is a lightweight, easy-to-use Swift library that helps protect iOS apps according to the OWASP MASVS standard, chapter v8, providing an advanced security and anti-tampering layer.



## Installation



SecurityKit is available with Swift Package Manager.



The [Swift Package Manager](https://swift.org/package-manager/) is a tool for automating the distribution of Swift code and is integrated into the `swift` compiler. 



Once you have your Swift package set up, adding SecurityKit as a dependency is as easy as adding it to the `dependencies` value of your `Package.swift`.



```swift

dependencies: [

    .package(url: "https://github.com/FuturraGroup/SecurityKit.git", .branch("main"))

]

```



## Usage



### Update Info.plist

For jailbreak detection to work correctly, you need to update your main Info.plist.

```xml

LSApplicationQueriesSchemes



    cydia

    undecimus

    sileo

    zbra

    filza



```

### Jailbreak detection

* This type method is used to detect the true/false jailbreak status

```swift

if SecurityKit.isJailBroken() {

    print("This device is jailbroken")

} else {

    print("This device is not jailbroken")

}

```

* This type method is used to detect the jailbreak status with a message which jailbreak indicator was detected

```swift

let jailbreakStatus = SecurityKit.isJailBrokenWithErrorMessage()

if jailbreakStatus.jailbroken {

    print("This device is jailbroken")

    print("Because: \(jailbreakStatus.errorMessage)")

} else {

    print("This device is not jailbroken")

}

```

* This type method is used to detect the jailbreak status with a list of failed detects

```swift

let jailbreakStatus = SecurityKit.isJailBrokenWithErrorDetects()

if jailbreakStatus.jailbroken {

    print("This device is jailbroken")

    print("The following checks failed: \(jailbreakStatus.errorDetects)")

}

```

### XOR String obfuscation

```swift

// String Encryption

let encrypt = SecurityKit.stringEncryption(plainText: "plainText", encryptionKey: "key")



// String Decryption

let decrypt = SecurityKit.stringDecryption(cypherText: encrypt, decryptionKey: "key")

```

### AES-GCM encryption

* AES-256-GCM authenticated encryption via CryptoKit (iOS 13+). Provides both confidentiality and integrity.

```swift

let secret = "sensitive data".data(using: .utf8)!



// Encrypt

if let encrypted = SecurityKit.aesEncrypt(data: secret, key: "myPassphrase") {

    print("Encrypted: \(encrypted.base64EncodedString())")



    // Decrypt

    if let decrypted = SecurityKit.aesDecrypt(data: encrypted, key: "myPassphrase") {

        let string = String(data: decrypted, encoding: .utf8)

        print("Decrypted: \(string ?? "")")

    }

}

```

### View Protection

* Protecting a specific UIView from being screenshotted

```swift

ViewProtection.shared.makeProtection(for: self.view)

```

* Remove protection from UIView

```swift

ViewProtection.shared.removeScreenProtection(for: self.view)

```

### Screen recording protection

* Screen recording protection, the screen will be completely blurred

```swift

BlurScreen.shared.start()

```

* Stop screen recording protection

```swift

BlurScreen.shared.stop()

```

### Simulator detection

* This type method is used to detect if application is run in simulator

```swift

if SecurityKit.isSimulator() {

    print("app is running on the simulator")

} else {

    print("app is not running on the simulator")

}

```

### Reverse engineering tools detection

* This type method is used to detect if there are any popular reverse engineering tools installed on the device

```swift

if SecurityKit.isReverseEngineered() {

    print("This device has reverse engineering tools")

} else {

    print("This device does not have reverse engineering tools")

}

```

* This type method is used to detect the reverse engineered status with a list of failed detects

```swift

let reStatus = SecurityKit.isReverseEngineeredWithErrorDetect()

if reStatus.reverseEngineered {

    print("SecurityKit: This device has evidence of reverse engineering")

    print("SecurityKit: The following detects failed: \(reStatus.errorDetect)")

}

```

### Debugger detection

* This type method is used to detect if application is being debugged

```swift

let isDebugged: Bool = SecurityKit.isDebugged()

```

* This type method is used to deny debugger and improve the application resillency

```swift

SecurityKit.denyDebugger()

```

* This method is used to detect if application was launched by something other than LaunchD (i.e. the app was launched by a debugger)

```swift

let isNotLaunchD: Bool = SecurityKit.isParentPidUnexpected()

```

* This type method is used to detect if there are any breakpoints at the function

```swift

func denyDebugger() {

    // add a breakpoint at here to test

}



typealias FunctionType = @convention(thin) ()->()



let func_denyDebugger: FunctionType = denyDebugger   // `: FunctionType` is a must

let func_addr = unsafeBitCast(func_denyDebugger, to: UnsafeMutableRawPointer.self)

let hasBreakpoint: Bool = SecurityKit.hasBreakpointAt(func_addr, functionSize: nil)

```

* This type method is used to detect if a watchpoint is being used.

A watchpoint is a type of breakpoint that 'watches' an area of memory associated with a data item.

```swift

// Set a breakpoint at the testWatchpoint function

func testWatchpoint() -> Bool{

    // lldb: watchpoint set expression ptr

    var ptr = malloc(9)

    // lldb: watchpoint set variable count

    var count = 3

    return SecurityKit.hasWatchpoint()

}

```

* This type method is used to detect if a debugger has registered exception ports on the current task

```swift

let hasExceptionPort: Bool = SecurityKit.isExceptionPortSet()

```

### Integrity detection

* This type method is used to detect if application has been tampered with

```swift

if SecurityKit.isTampered(

    [.bundleID("com.app.bundle"),

     .mobileProvision("your-mobile-provision-sha256-value")]

).result {

    print("SecurityKit: I have been Tampered.")

} else {

    print("SecurityKit: I have not been Tampered.")

}

```

* This type method is used to get the SHA256 hash value of the executable file in a specified image

```swift

// Manually verify SHA256 hash value of a loaded dylib

if let hashValue = SecurityKit.getMachOFileHashValue(.custom("SecurityKit")),

   hashValue == "6d8d460b9a4ee6c0f378e30f137cebaf2ce12bf31a2eef3729c36889158aa7fc" {

    print("SecurityKit: I have not been Tampered.")

} else {

    print("SecurityKit: I have been Tampered.")

}

```

* This type method is used to find all loaded dylibs in the specified image

```swift

if let loadedDylib = SecurityKit.findLoadedDylibs() {

    print("SecurityKit: Loaded dylibs: \(loadedDylib)")

}

```

### Code signature detection

* This type method is used to detect if the app's code signature directory has been modified or removed

```swift

if SecurityKit.isCodeSignatureModified() {

    print("Code signature has been tampered with")

}

```

* This type method is used to detect if the app is running as a development build

```swift

if SecurityKit.isDevelopmentBuild() {

    print("This is a development build")

}

```

* This type method is used to verify the team identifier from the embedded provisioning profile

```swift

if SecurityKit.verifyTeamIdentifier("ABCDEF1234") {

    print("Team identifier is valid")

} else {

    print("Team identifier mismatch — app may have been re-signed")

}

```

### MSHookFunction detection

* This type method is used to detect if `function_address` has been hooked by `MSHook`

```swift

func denyDebugger() { ... }



typealias FunctionType = @convention(thin) ()->()



let func_denyDebugger: FunctionType = denyDebugger // `: FunctionType` is must

let func_addr = unsafeBitCast(func_denyDebugger, to: UnsafeMutableRawPointer.self)

let isMSHooked: Bool = SecurityKit.isMSHooked(func_addr)

```

* This type method is used to get original `function_address` which has been hooked by `MSHook`

```swift

func denyDebugger(value: Int) { ... }



typealias FunctionType = @convention(thin) (Int)->()



let funcDenyDebugger: FunctionType = denyDebugger

let funcAddr = unsafeBitCast(funcDenyDebugger, to: UnsafeMutableRawPointer.self)



if let originalDenyDebugger = SecurityKit.denyMSHook(funcAddr) {

    // Call orignal function with 1337 as Int argument

    unsafeBitCast(originalDenyDebugger, to: FunctionType.self)(1337)

} else {

    denyDebugger()

}

```

### FishHook detection

* This type method is used to rebind `symbol` which has been hooked by `fishhook`

```swift

SecurityKit.denySymbolHook("$s10Foundation5NSLogyySS_s7CVarArg_pdtF") // Foudation's NSlog of Swift

NSLog("Hello Symbol Hook")



SecurityKit.denySymbolHook("abort")

abort()

```

* This type method is used to rebind `symbol` which has been hooked at one of image by `fishhook`

```swift

for i in 0..<_dyld_image_count() {

    if let imageName = _dyld_get_image_name(i) {

        let name = String(cString: imageName)

        if name.contains("SecurityKit"), let image = _dyld_get_image_header(i) {

            SecurityKit.denySymbolHook("dlsym", at: image, imageSlide: _dyld_get_image_vmaddr_slide(i))

            break

        }

    }

}

```

### RuntimeHook detection

* This type method is used to detect if `objc call` has been RuntimeHooked by for example `Flex`

```swift

class SomeClass {

    @objc dynamic func someFunction() { ... }

}



let dylds = ["SecurityKit", ...]



let isRuntimeHook: Bool = SecurityKit.isRuntimeHook(

    dyldAllowList: dylds,

    detectionClass: SomeClass.self,

    selector: #selector(SomeClass.someFunction),

    isClassMethod: false

)

```

### System proxy and VPN detection

* This type method is used to detect if HTTP proxy or VPN was set in the iOS Settings.

```swift

let isProxied: Bool = SecurityKit.isProxied()

```

### Lockdown mode detection

* This type method is used to detect if the device has lockdown mode turned on.

```swift

let isLockdownModeEnable: Bool = SecurityKit.isLockdownModeEnable()

```

### Environment variables detection

* This type method is used to detect suspicious environment variables commonly used for code injection (e.g. `DYLD_INSERT_LIBRARIES`, `SUBSTRATE_INSERT_LIBRARIES`)

```swift

if SecurityKit.hasSuspiciousEnvironment() {

    print("Suspicious environment variables detected")

}

```

### Network security detection

* This type method is used to detect if SSL Kill Switch or similar SSL unpinning tools are loaded

```swift

if SecurityKit.isSSLKillSwitchLoaded() {

    print("SSL Kill Switch detected — network traffic may be intercepted")

}

```

* This type method is used to detect if App Transport Security (ATS) is disabled in Info.plist

```swift

if SecurityKit.isATSDisabled() {

    print("ATS is disabled — insecure HTTP connections are allowed")

}

```

### Device fingerprint

* This type method generates a unique, stable SHA256 device fingerprint based on vendor ID, Keychain-persisted UUID, and hardware model

```swift

let fingerprint: String = SecurityKit.getDeviceFingerprint()

print("Device fingerprint: \(fingerprint)")

```

### Secure Storage

* A Keychain wrapper for securely storing sensitive data with configurable accessibility levels

```swift

let storage = SecureStorage()



// Save a string

storage.save("secret-token", for: "auth_token")



// Load a string

if let token = storage.loadString(for: "auth_token") {

    print("Token: \(token)")

}



// Save raw data

let data = "sensitive".data(using: .utf8)!

storage.save(data, for: "secret_data")



// Load raw data

if let loaded = storage.loadData(for: "secret_data") {

    print("Data: \(loaded)")

}



// Check existence

let exists: Bool = storage.exists(key: "auth_token")



// Delete a single item

storage.delete(key: "auth_token")



// Delete all items for this service

storage.deleteAll()

```

* Custom access levels for different security requirements

```swift

// Most secure — requires passcode, bound to this device

let secure = SecureStorage(accessLevel: .whenPasscodeSetThisDeviceOnly)



// Available after first unlock, even when locked (for background tasks)

let background = SecureStorage(accessLevel: .afterFirstUnlockThisDeviceOnly)



// Custom service identifier

let custom = SecureStorage(service: "com.myapp.credentials", accessLevel: .whenUnlockedThisDeviceOnly)

```

### Memory Protection

* Securely wipe sensitive data from memory to prevent forensic recovery

```swift

var secretData = "password123".data(using: .utf8)!

MemoryProtection.wipe(&secretData)

// secretData is now empty



var secretBytes: [UInt8] = [0x41, 0x42, 0x43]

MemoryProtection.wipe(&secretBytes)

// secretBytes is now empty



var secretString = "my-api-key"

MemoryProtection.wipe(&secretString)

// secretString is now ""

```

### Clipboard Protection

* Clear the clipboard immediately or after a delay to prevent sensitive data leakage

```swift

// Clear clipboard immediately

ClipboardProtection.shared.clearClipboard()



// Clear clipboard after 30 seconds (default)

ClipboardProtection.shared.clearAfterDelay()



// Clear clipboard after custom delay

ClipboardProtection.shared.clearAfterDelay(10)



// Check if clipboard has content

let hasContent: Bool = ClipboardProtection.shared.hasContent()



// Cancel pending auto-clear

ClipboardProtection.shared.stopAutoClear()

```

## Contribute



Contributions for improvements are welcomed. Feel free to submit a pull request to help grow the library. If you have any questions, feature suggestions, or bug reports, please send them to [Issues](https://github.com/FuturraGroup/SecurityKit/issues).



## License



```

MIT License



Copyright (c) 2025 Futurra Group



Permission is hereby granted, free of charge, to any person obtaining a copy

of this software and associated documentation files (the "Software"), to deal

in the Software without restriction, including without limitation the rights

to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

copies of the Software, and to permit persons to whom the Software is

furnished to do so, subject to the following conditions:



The above copyright notice and this permission notice shall be included in all

copies or substantial portions of the Software.



THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

SOFTWARE.

```