iOS Code Signing Best Practices

Minyoung Sim from LINE breaks down iOS code signing in forensic detail, revealing how Apple's security mechanism validates every app before execution. This isn't your typical overview.

This deep technical dive from LINE's AIR ARMOR team explains how iOS code signing works under the hood, from provisioning profiles to Mach-O binary structures. The article walks through the complete verification chain that prevents tampered apps from running on iOS devices.

Key Takeaways

• iOS verifies app integrity through Mach-O binary code signatures and hash validation
• Provisioning profiles contain certificates, device lists, entitlements, and expiration dates
• CodeDirectory stores hash values for each 0x1000 page of binary code
• specialHash array validates five critical components including entitlements and resources
• CMS signatures in BlobWrapper prevent attackers from updating CodeDirectory after tampering

The article includes actual command-line examples for inspecting provisioning profiles, extracting certificates, and verifying checksums that most developers never see.