Due to MonoTouch using DLLs within the actual app, how secure is this approach? For instance, if someone is using the Mono.Security.dll, couldn’t someone swap out that DLL with one which implemented the methods and perform a code injection attack on an app?
As much as any existing ones I know 🙂
No, for several reasons.
You cannot change the application’s files. That would break the digital signature and iOS won’t execute it. That alone removes a MitM attack;
the code from every .dll is already compiled to native code (by the AOT compiler) and part of the main executable binary. Swapping a new .dll won’t change the code that is executed;
the .dll that is deployed on devices is stripped (for release builds). There’s no IL (code) inside it since it would not be useful (we can’t JIT on iOS). Even if you add a .dll with IL code (e.g. a debug build) it won’t be executed (again it would require JITting);
Why are the .dlls deployed? For their metadata (e.g. if you use reflection).
Final note: MonoTouch produces native ARM executables just like Objective-C would.
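The first reason in the answer above (changing a bundled file breaks the signature) can be seen in a simplified model of the sealed-resource manifest at `_CodeSignature/CodeResources`. This is an added example, not code from the answer or from Apple or Xamarin; the bundle contents are constructed, and the cryptographic signature that covers the manifest itself is omitted.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

SEAL = "_CodeSignature/CodeResources"  # manifest location inside a .app bundle


def bundle_hashes(app: Path) -> dict[str, bytes]:
    """SHA-256 of every file in the bundle except the manifest itself."""
    files = (p for p in sorted(app.rglob("*")) if p.is_file())
    hashes = {p.relative_to(app).as_posix(): hashlib.sha256(p.read_bytes()).digest() for p in files}
    hashes.pop(SEAL, None)
    return hashes


def seal_bundle(app: Path) -> None:
    """Write a simplified 'files2' table (path -> hash2) as a plist."""
    files2 = {name: {"hash2": digest} for name, digest in bundle_hashes(app).items()}
    (app / SEAL).parent.mkdir(exist_ok=True)
    (app / SEAL).write_bytes(plistlib.dumps({"files2": files2}))


def verify_bundle(app: Path) -> list[str]:
    """Return paths modified, removed, or added since the bundle was sealed."""
    sealed = {n: e["hash2"] for n, e in plistlib.loads((app / SEAL).read_bytes())["files2"].items()}
    current = bundle_hashes(app)
    return sorted(n for n in sealed.keys() | current.keys() if sealed.get(n) != current.get(n))


def demo() -> tuple[list[str], list[str]]:
    """Seal a constructed bundle, then swap Mono.Security.dll and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Sample.app"  # constructed sample bundle
        app.mkdir()
        (app / "Sample").write_bytes(b"constructed native ARM executable")
        (app / "Mono.Security.dll").write_bytes(b"constructed metadata-only assembly")
        seal_bundle(app)
        before = verify_bundle(app)
        (app / "Mono.Security.dll").write_bytes(b"constructed replacement assembly")
        return before, verify_bundle(app)


if __name__ == "__main__":
    print(demo())
```

On a Mac, `codesign --verify --deep --strict` run against a real `.app` performs the full check, including the signature over the manifest.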