Skip to main content


Showing posts from October, 2015

App Transport Security - iOS 9

App Transport Security is a feature that improves the security of connections between an app and web services. The feature consists of default connection requirements that conform to best practices for secure connections. Apps can override this default behavior and turn off transport security.

All connections using the NSURLConnection, CFURL, or NSURLSession APIs use App Transport Security default behavior in apps built for iOS 9.0 or later, and OS X v10.11 or later. Connections that do not follow the requirements will fail.

App Transport Security Technote

When you are aware of the risks you can still completely disable ATS for your app by editing the Info.plist:


To have a bit more of security you could define exceptions from the exceptions and apply ATS to specific domains only:


Google Protocol Buffers for Swift

What are protocol buffers?

Protocol buffers are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data – think XML, but smaller, faster, and simpler. You define how you want your data to be structured once, then you can use special generated source code to easily write and read your structured data to and from a variety of data streams and using a variety of languages.

Developers Google
Protocol Buffers with Spring


An implementation of Protocol Buffers in Swift.

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. This project is based on an implementation of Protocol Buffers from Google.


tvOS SDK: An iOS Developer’s Initial Impressions

Chris Wagner and the rest of the Tutorial Team have been digging into the tvOS SDK and are already hard at work preparing some tutorials on tvOS (stay tuned!), but to tide you over in the meantime, Chris Wagner wanted to share my initial impressions of tvOS from an iOS developer’s perspective.

TVML AppsCustom Apps

Ray Wenderlich
Apple TV Markup Language
TVMP Catalog Sample Code

Mobile Backend as a Service: Parse and AWS

AWS Mobile Hub
AWS Mobile Hub is the fastest way to build mobile apps powered by AWS. It lets you easily add and configure features for your apps, including user authentication, data storage, backend logic, push notifications, content delivery, and analytics. After you build your app, AWS Mobile Hub gives you easy access to testing on real devices, as well as analytics dashboards to track usage of your app – all from a single, integrated console. runs on AWS
Amazon Video
Focus on creating amazing user experiences and forget complex infrastructure. Instantly add a powerful cloud database, push notification services, and analytics tracking to your app. Choose from over thirteen native SDKs for mobile, desktop, and IoT devices and discover all that Parse has to offer.

BTW: Parse is dead :(

Carlos - flexible and powerful cache layers in your application

Carlos is a small set of classes, functions and convenience operators to realize custom, flexible and powerful cache layers in your application. By default, Carlos ships with an in-memory cache, a disk cache and a simple network fetcher(disk cache and network fetcher are inspired by HanekeSwift). With Carlos you can: create levels and fetchers depending on your needs, either through classes or with simple closurescombine levelstransform the key each level will get, or the values each level will output (this means you're free to implement every level independing on how it will be used later on). Some common value transformers are already provided with CarlosApply post-processing steps to a cache level, for example sanitizing the output or resizing imagesreact to memory pressure events in your appautomatically populate upper levels when one of the lower levels fetches a value for a key, so the next time the first level will already have it cachedenable or disable specific levels of y…

Reverse Engineering iOS

Reverse-Engineering iOS Apps: Hacking on Lyft Conrad covers many concepts & tools that can used to reverse-engineer existing apps, as well as debug other libraries and even your own code. He even demonstrates the art of reverse engineering on Lyft’s iOS app, injecting code into it and inspecting its network traffic. Using Conrad’s techniques, you can expose the code behind any app on the App Store.
Reverse-Engineering Lyft (1:44) Peeking into Lyft (2:48) Inspecting Network Traffic - Charles Demo (4:08) Injecting Code into Apps - Cycript Demo (7:44) Decrypting Executables - dumpdecrypted Demo (11:28) Analyzing the Executable - IDA Demo (13:47) Finding Lyft’s URL Scheme (18:23)