Currently, there are no commonly present issues solely for the Native iOS development platform. For more general issues or questions, visit FAQ page. You can also check out the Issues section of our GitHub repository, where you can report issues and view existing reports.

Variables

TalsecConfig

Specifies configuration for your app. See the table below for detailed description of the attributes.

Classes

public class Talsec

Methods

public static func start(config: TalsecRuntime.TalsecConfig)

• The method used to start freeRASP's audit.

Protocols

public protocol SecurityThreatHandler

Methods

func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat)

• Notifier about detected threats.

Enums

public enum SecurityThreat : String, Codable, CaseIterable, Equatable

Cases

• signature

• jailbreak

• debugger

• runtimeManipulation

• passcode

• simulator

• missingSecureEnclave

• systemVPN

• deviceChange

• deviceID

• unofficialStore

📦 Add the dependency

1. From GitHub, Copy Talsec folder into your Application folder.

2. Drag & drop the Talsec folder to your .xcworkspace.

3. Add TalsecRuntime framework to Target > Build Phases > Link Binary With Libraries.

4. In the General > Frameworks, Libraries, and Embedded Content choose Embed & Sign.

Note: In case you are using Carthage, the zipped version of the framework is included in the GitHub Releases.

⚙️ Setup the Configuration for your App

To ensure freeRASP functions correctly, you need to provide the necessary configuration. All required values must be filled in for the plugin to operate properly. Use the following template to configure the plugin. Detailed descriptions of the configuration options are provided on the API page.

In the AppDelegate import TalsecRuntime and add the following code (e.g., in the didFinishLaunchingWithOptions method.:

let config = TalsecConfig(
    appBundleIds: ["YOUR_APP_BUNDLE_ID"], 
    appTeamId: "YOUR TEAM ID", 
    watcherMailAddress: "WATCHER EMAIL ADDRESS", 
    isProd: true
)

👷 Handle detected threats

You can handle the detected events using handlers. For example, you can log the event, show a window to the user or kill the application. See the Threat detection to learn more details about the performed checks and their importance for app security.

1. Anywhere in your project (e.g. in AppDelegate), add the following code as an extension:

   AppDelegate.swift

   Copy

   import TalsecRuntime
   
   extension SecurityThreatCenter: SecurityThreatHandler {
       public func threatDetected(_ securityThreat: TalsecRuntime.SecurityThreat) {
           print("Found incident: \(securityThreat.rawValue)")
       }
   }

2. Use the code above for handling these types of events:

   TalsecRuntime

   Copy

   public enum SecurityThreat: String, Codable, CaseIterable, Equatable {
       /// app integrity / repackaging / tampering
       case signature = "appIntegrity"
       /// jailbreak
       case jailbreak = "privilegedAccess"
       /// debugger
       case debugger = "debug"
       /// runtime manipulation / hooks
       case runtimeManipulation = "hooks"
       /// disabled passcode
       case passcode
       /// passcode change
       case passcodeChange
       /// simulator
       case simulator
       /// missing Secure Enclave
       case missingSecureEnclave
       /// device binding
       case deviceChange = "device binding"
       /// changed deviceID
       case deviceID
       /// unofficial store or Xcode build
       case unofficialStore
       /// Detected system VPN
       case systemVPN
   }

🛡️ Start freeRASP

Invoke the following method right after setting up the TalsecConfig in previous steps.

...
let config = TalsecConfig(...)
Talsec.start(config: config)