Secrets and Lies: Protecting Mobile Apps Through Cryptography and Obfuscation

Explore the complexities of app security in this 59-minute conference talk by Rob Napier. Delve into the nuances of "security through obscurity" and learn why it's not as simple as conventional wisdom suggests. Discover the various attacks your app may be facing unknowingly and understand the distinctions between cryptography, obfuscation, and steganography. Gain practical insights on protecting users, services, and businesses through approachable techniques. Focus on mobile development and mobile-server communication issues, with examples primarily in iOS and Swift, but applicable to Android and back-end development. Learn about lock picking, encryption, risk management, bot prevention, API key storage, certificate pinning, secret knocks, app hardening, and debugging techniques. Understand how to monitor logs, hide secrets, use stronger strings, and implement real-life obfuscation strategies to enhance your app's security posture.