Category Archives: iPhone

On voices that matter

In October I’ll be in Philadelphia, PA talking at Voices That Matter: Fall iPhone Developers’ Conference. I’m looking forward to meeting some old friends and new faces, and sucking up a little more of that energy and enthusiasm that pervades … Continue reading

Posted in code-level, iPad, iPhone, Talk, threatmodel, tool-support | Leave a comment

On private methods

Let’s invent a hypothetical situation. You’re the software architect for an Objective-C application framework at a large company. This framework is used by many thousands of developers to create all sorts of applications for a particular platform. However, you have … Continue reading

Posted in code-level, iPad, iPhone, Mac, PCAS, software-engineering | Leave a comment

On detecting God Classes

Opinion on Twitter was divided when I suggested the following static analyser behaviour: report on any class that conforms to too many protocols. Firstly, a warning: “too many” is highly contextual. Almost all objects implement NSObject and you couldn’t do … Continue reading

Posted in code-level, iPad, iPhone, Mac, software-engineering, tool-support | Leave a comment

On Fitt’s Law and Security

…eh? Don’t worry, read on and all shall be explained. I’ve said in multiple talks and podcasts before that one key to good security is good user interface design. If users are comfortable performing their tasks, and your application is … Continue reading

Posted in iPad, iPhone, Mac, threatmodel, UI, user-error | 1 Comment

On NSNull as an anti-pattern

All this talk about type-safe collections may leave you thinking: but what about NSNull? Let’s say you have an array that only accepts objects conforming to MyProtocol. You can’t add +[NSNull null] to it, because it doesn’t implement the protocol. … Continue reading

Posted in code-level, iPad, iPhone, Mac | 7 Comments

On type safety and making it harder to write buggy code

Objective-C’s duck typing system is both a blessing and a curse. A blessing, in that it’s amazingly flexible. A curse, in that such flexibility can lead to some awkward problems. Something that typically happens in dealing with data from a … Continue reading

Posted in code-level, iPad, iPhone, Mac | 5 Comments

Careful how you define your properties

Spot the vulnerability in this Objective-C class interface: @interface SomeParser : NSObject { @private NSString *content; } @property (nonatomic, retain) NSString *content; – (void)beginParsing; //… @end Any idea? Let’s have a look at a use of this class in action: … Continue reading

Posted in iPad, iPhone, Mac, Vulnerability | 2 Comments

The difference between NSTableView and UITableView

A number of times, I’ve chased myself down rat holes in iPhone projects because I’ve created a design or implementation that assumes UITableView and NSTableView are similar objects. They aren’t. The main problem I come across is related to how … Continue reading

Posted in cocoa, iPad, iPhone, objc | 3 Comments

Losing your identity

Developers make use of cryptographic signatures in multiple places in the software lifecycle. No iPad or iPhone application may be distributed without having been signed by the developer. Mac developers who sign their applications get to annoy their customers much … Continue reading

Posted in Codesign, Crypto, iPad, iPhone, Mac, PCAS, Policy, Updates | Comments Off on Losing your identity

How to hire Graham Lee

There are few people who can say that when it comes to Cocoa application security, they wrote the book. In fact, I can think of only one: me. I’ve just put the final draft together for Professional Cocoa Application Security … Continue reading

Posted in book, Business, cocoa, conference, CoreData, iPad, iPhone, Java, kernel, macfuse, mach, nextstep, objc, openstep, UNIX, xcode | 2 Comments