An iOS starter project for teams that want two things from day one:
- a small passive security-check module for debugger, hook, and jailbreak signals
- a CI pipeline that builds an XCFramework and audits the produced binary
This is intentionally not a full RASP product. It is a compact starting point for teams that want a reusable Swift package plus a binary-audit workflow they can extend.
This starter is built around passive, local signals:
- debugger presence
- common hook / instrumentation indicators
- common jailbreak indicators
It assumes you want lightweight on-device checks and a repeatable release audit, not a complete anti-tamper platform.
MobileSecurityKitSwift package- passive checks for debugger, suspicious injected dylibs / Frida port, and jailbreak indicators
- a simple policy layer that maps findings to
allow,review, orblock - tests for the public report surface
- GitHub Actions CI
- release workflow that builds and publishes an XCFramework
make auditbinary inspection step for shipped artifacts
Sources/MobileSecurityKitTests/MobileSecurityKitTests.github/workflows/ci.yml.github/workflows/release.ymlMakefile
swift build
swift test
make xcframework
make auditimport MobileSecurityKit
let report = SecurityAudit.audit()
switch report.decision {
case .allow:
print("Environment looks clean")
case .review, .block:
for finding in report.threats {
print("\(finding.type): \(finding.detail)")
}
}You can also call SecurityDetector.run(_:) directly if you want only a subset of checks and apply your own policy instead of using report.decision.
If you keep the URL-scheme-based jailbreak check enabled, add the schemes you want to query under LSApplicationQueriesSchemes, for example:
<key>LSApplicationQueriesSchemes</key>
<array>
<string>cydia</string>
<string>sileo</string>
<string>zbra</string>
<string>filza</string>
<string>activator</string>
</array>Without that allowlist, canOpenURL checks will be incomplete on modern iOS.
The XCFramework audit currently inspects:
- DWARF debug info presence
- stack canary references
- PIE / ASLR-related flags
- code signing state
- exported symbol surface
- unexpected undefined symbols
- Objective-C metadata exposure
- bitcode presence
These checks are intentionally simple and shell-based so they are easy to adapt inside CI.
- These checks are heuristic and bypassable.
- A clean report does not prove a trusted device.
- A flagged report does not automatically mean malicious behavior.
- Local checks should be treated as signals and combined with app-side or server-side context.
- Some detections depend on platform behavior that can change across iOS versions.
Use this as a starter if you want to:
- prototype passive mobile security checks in public
- ship a binary with a repeatable audit step
- extend the detector set with your own organization-specific logic
Do not treat the built-in checks as a complete security solution. They are examples and scaffolding.
Phase 1 in this repo:
- stronger public documentation
- explicit limitations and setup notes
- simple policy layer on top of raw findings
Future improvements:
- confidence / severity on each finding
- richer integrity and tamper checks
- example app integration
- machine-readable audit output
- clearer separation between detector modules and policy modules