What do I do if my app (that I have launched on the App Store) is hacked?

I am currently working on an app to launch onto the App Store as a business idea; however, with every good business idea comes a security plan.


I wanted to know what would be the first steps to take if my app is hacked? I have looked around and the only services dedicated to fighting cyber crime only specialise in website attacks (unless you know some website that slipped my eyes, I would be happy to look at 😄). I'm kind of new to coding and am hoping you guys can help!

Posted on May 8, 2024 7:21 PM

Question marked as Best reply

Posted on May 10, 2024 8:26 AM

Mous772 wrote:

Nah I'm not looking to work in crypto 😅

Maybe you should clarify what you mean by the term "hacked".


There are so many posts here in the forums and on other social media about "hacking". They are almost all trying to convince people that Apple has poor security and they are going to be hacked unless they install one or more 3rd party "security" tools and/or constantly monitor Apple's own software. Here's today's entry: How can I monitor xProtect logs and versi… - Apple Community


Most of the replies here in this thread are assuming that you have been successfully misinformed by all this and are worried about the security of your app. But now that I think about it, maybe you are worried about something different? Maybe you're worried about software piracy. It's not that hackers are going to hack your app to deliver malware, but that hackers are going to hack your app to steal it.


For developers, software piracy is a major concern. Whereas "hacking" is literally a one-in-a-million event that certain people try to turn into a Big Deal, software piracy is extremely common but never mentioned by those same people.


If you are just starting out, then you probably don't need to worry about software piracy. In this case, you should just consider the pirates to be free marketing. If you ever get to the point where you are, or could be, earning real income from your apps, then you will need to look at this more closely.


Apple has tools to help developers secure their apps and services from pirates. Successful implementation may be more of a challenge. Few developers are actually successful. Few of those successful developers are actually honest. So for most developers who aren't making any money, there's no need to worry.


But if you ever get any level of measurable financial success, then you will definitely have to worry about privacy. Never assume that you are too small to be noticed. You will be noticed and pirated. You just don't need to be concerned until it begins to cost you revenue. If you ever get to that point, e-mail me. I know some tricks.

12 replies

May 8, 2024 7:52 PM in response to Mous772

What do you do if your app is hacked? Apple likely yanks the app.


Then you get to figure out what happened and how, and the scale and scope of the reputational and business and customer damage, and whatever legal repercussion might arise.


OWASP has some app guidelines.


From Apple, some background:


In general, I usually start the core of the app design from the data and the debugging outward, and add the functions around and onto that core. Best is often to treat sensitive data as pollution, avoid having it around, and getting rid of it as quickly as practicable.


App and data and server security is an immense topic area.


May 9, 2024 3:13 AM in response to Mous772

Again, app design and data privacy and data integrity and information security are each immense topic areas.


I’d get your data model and your app structures and server requirements sorted first.


As for some hypothetical breach, either you notice the security issue with the app or with your backend servers and ask Apple to pull the app, or to provide and quickly update the app, or whether Apple notices and pulls the app. What notices get sent if Apple detects a security problem with an app and pulls it, I don’t know.


What detection and debugging and telemetry you might incorporate into the app and into the backend servers (if any) to detect potential corruption or compromise will vary by local requirements and exposures, as well.


If app development itself is more generally unfamiliar (and that as might be inferred here), there are app development classes and software development programs around, though coding schools and boot camps and even colleges can all be a mixed bag. Some are good, and some are little more than student loan debt creation schemes.


Past what Apple encourages with connection security and privacy and related topics, you will want to avoid having sensitive data, will want to get rid of sensitive data, and to store data appropriately and only for as long as necessary. What you don’t have can’t be compromised.


What’s sensitive and what is protected and what is problematic or criminal or what can lead to personal injury or worse can vary by a user’s own situation or country or region of residence, too.


An app that might process or transfer money (potentially including KYC and AML regulations, PCI requirements, etc) or passwords or health data or such obviously has larger security exposures and risks than might a solitaire app, and apps with exposures to cheating or fraud require more thought and more effort than does a painting app. Which is a lot of words for “it depends”.


Don’t have and don’t keep data you don’t need, encrypt what you must have, don’t create your own encryption scheme, timezones and addresses and names are all much more complex and much more subtle than most realize, networks can and will inevitably fail in the most annoying ways and at the most inopportune times, client devices and client connections can’t always be trusted, devices get lost and passwords get forgotten, etc.


TL;DR: This whole area is immense and sometimes subtle, you’re headed toward consulting time with somebody with experience in app and/or information security design, or toward hiring developers with experience in the areas needed, or toward a combination.

May 9, 2024 11:29 AM in response to MrHoffman

MrHoffman wrote:

If the app or service is aligned with cryptocurrency or ilk, I wouldn’t assume that.

Then it would be a scam, not an app or service.


Unfortunately, the edit to my post removed more than just my off-colour RFK joke. I'm operating under the assumption that most people are simply misinformed by all the people trying to misinform them. A new developer who wants to learn the trade by writing either crypto or "security" apps is a danger to themselves and/or to others.

May 11, 2024 5:14 AM in response to Mous772

Mous772 wrote:

Honestly I’m more worried due to the fact my app has email and phone numbers as a part of signing in, as well as chat functionality which may house private conversations.

In that case, Apple will most likely just reject your app entirely. You're playing with fire there.


It's not your app you would need to secure, but your back-end database. That's a whole different world. It's unlikely you would accumulate enough of other people's personal information to be a target, but if you did, you'd probably be a soft target. I recommend reviewing laws about collection, sharing, and storing of personal information. Pay close attention to data breach disclosure requirements. Most penalties are civil, but they could be criminal in some cases. And remember, since Apple runs a global market, you'll need to comply with all local laws everywhere that your app is distributed. Have fun!

May 11, 2024 2:41 AM in response to etresoft

well I now have a new fear of software piracy so that’s fun 😅


Honestly I’m more worried due to the fact my app has email and phone numbers as a part of signing in, as well as chat functionality which may house private conversations. I’m only looking for a solution to ensure these points are not jeopardised.

May 11, 2024 7:28 AM in response to Mous772

Mous772 wrote:

well I now have a new fear of software piracy so that’s fun 😅

Honestly I’m more worried due to the fact my app has email and phone numbers as a part of signing in, as well as chat functionality which may house private conversations. I’m only looking for a solution to ensure these points are not jeopardised.


You will be storing cryptographically hashed passwords, or storing passkeys, of course. Or using asymmetric keys. Or using Sign in with Apple and/or some other authentication providers. Or probably a combination of these. Not cleartext passwords, and not digest (message) hashes.


If all you’re storing are access credentials to some service, there are existing mechanisms that can help. Some of the back-end server environments can usually assist there.


You’ll need a password recovery mechanism reasonably proof against scams and phishing, too.


Your conversation network connections and most (all?) of your other connections will likely be using ephemeral-keyed TLS. That largely all falls out of using the Apple frameworks (App Transport Security, etc), as well.


For data storage locally or in iCloud, compromise is isolated to individual users, and advanced data protection can likely be of assistance. On your own servers, you really don’t want to have a way to decrypt that user data yourself.


Depending on what you’re up to here, and which behemoths you are considering competing with, look up the details on the Signal Double Ratchet / Axolotl Ratchet implementation, too.


Piracy is going to happen irrespective of your efforts to prevent that, same for cheating in games, which usually means spending a token amount against that, and means assuming (as was mentioned earlier) compromised clients can exist, and potentially or necessarily some work involving detecting compromised clients from the servers. Clients and client-provided data often can’t be trusted.


Pragmatically, you’re going to be hiring some folks with some fairly expensive experience including with distributed security and distributed authentication, or wrapping an existing (and preferably secure) messaging implementation. This “business idea” isn’t a small project, based on extrapolation from what little info you’ve provided. You’ll inherently be intentionally making compromises all over that you’ll have to revisit and rework later, too.
