Your Swift app is full of symbols, even if stripped.

Dave PoirierDave Poirier
1 min read

We have been drilled that we should strip debugging symbols before releasing our app on the App Store. Apple even does this automatically for us in the build settings when we create a new project.

However when we are using Swift as our programming language, a certain feature called Reflection, embeds in the app binary all the necessary names and types of every class/struct you have defined in your project so you can Mirror() the object and list all the attributes/types dynamically at runtime.

This trove of information is an incredible source of information to hackers. Apparently, this can be controlled by a Swift compiler flag SWIFT_REFLECTION_METADATA_LEVEL.

I stumbled on this in an Apple Developer Forum post: https://developer.apple.com/forums/thread/720978

Which lead me to this Apple Documentation page: https://developer.apple.com/documentation/xcode/build-settings-reference#Reflection-Metadata-Level

So if you are securing an iOS/macOS app, make sure to go into your Xcode project build settings, and find Swift Compiler General -> Reflection Metadata Level and set the value to None.

1
Subscribe to my newsletter

Read articles from Dave Poirier directly inside your inbox. Subscribe to the newsletter, and don't miss out.

iOSmacOSappsecmobile securitySwift

Written by

Dave Poirier
Dave Poirier

I love technology and everything related, from gadgets to new professional techniques. I like thinking, researching, optimizing, inventing and developing. I have a strong background in software research and development, operating systems, Voice-over-IP, network security, wired and wireless network engineering, complemented with electronic engineering background. My career goal is to always keep learning, to be challenged, and to work remotely so I can be present for my family. Bug hacker and master troubleshooter, my strength is understanding a problem and getting to the root of it. I'm mostly a self-taught individual and a constant learner. I push my technical boundaries daily and search for ways to improve my skills every day. With over 20 years of experience writing software in various languages, creating or optimizing algorithms, the digital development world is my turf. Sample challenges which I particularly enjoyed: Created a GLSL based magnification tool for a client who was turned down by three other companies as "impossible to do on macOS". Optimized several SQL queries to reduce load time of a particular web page from several seconds to sub 50ms. Identified the root cause of stuttering animations in iOS mobile app and implemented mitigation strategy Specialties: Swift, Objective-C and PHP Software Development; TCP/IP and Wireless Network Engineering