ReProvision
TrustKit
| ReProvision | TrustKit | |
|---|---|---|
| 2 | 1 | |
| 495 | 1,971 | |
| - | 0.7% | |
| 1.5 | 4.7 | |
| over 3 years ago | 4 days ago | |
| C | C | |
| GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ReProvision
-
Apple has seemingly found a way to block Android’s new iMessage app
A few years ago, I built ReProvision (https://github.com/Matchstic/ReProvision) which used Apple APIs to sign iOS apps every 7 days. Even then, the authentication methods I was using kept getting blocked, and that was for something realistically low on Apple’s radar.
-
Fired App Reviewer Sues Apple
> Apple doesn't allow side loading apps
HN readers might be surprised at the extent of modded-iOS-app communities (just like APK communities for Androids) that manage to exist within the meager 7-day signing window Apple allows a free-tier developer account. Tools like AltStore and ReProvision are the standard for sideloading and renewing (respectively) legitimate jailbreak-entrypoint apps:
https://github.com/rileytestut/AltStore
https://github.com/Matchstic/ReProvision
Even for un-jailbroken devices there are entire alternative ecosystems based around sideloading modded/pirated apps. They are obviously full of pirated stuff, usually work by abusing an enterprise cert from an endless list of Chinese companies (not insinuating anything bad, just firsthand experience), and they probably have some nasty malware mixed in here and there as well. Zero endorsement for any of these examples from the first page of a DDG search, but you get the idea:
https://iphonecake.com/
https://sideload.tweakboxapp.com/
https://ipaspot.app/
https://www.valuewalk.com/2019/04/spotify-up-tweakbox-users-...
TrustKit
-
Securing API keys, clientId, clientSecret etc while distributing to App Store? Ways to prevent reverse engineering?
Good points. SSL pinning provides a certain level of protection. It’s tricky to implement correctly, so one can for instance consider https://github.com/datatheorem/TrustKit if you want to leverage SSL pinning.
What are some alternatives?
PINRemoteImage - A thread safe, performant, feature rich image fetcher
ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
vger - 2D GPU renderer for dynamic UIs
ffmpeg-kit - FFmpeg Kit for applications. Supports Android, Flutter, iOS, Linux, macOS, React Native and tvOS. Supersedes MobileFFmpeg, flutter_ffmpeg and react-native-ffmpeg.
TrustKit-Android - Easy SSL pinning validation and reporting for Android.
Provenance - iOS & tvOS multi-emulator frontend, supporting various Atari, Bandai, NEC, Nintendo, Sega, SNK and Sony console systems… Get Started: https://wiki.provenance-emu.com |
Down - Blazing fast Markdown / CommonMark rendering in Swift, built upon cmark.