Does iOS 17 leave your app exposed?

iOS 17 removes Bitcode support, rendering obfuscation technologies that rely on it useless.

Promon’s new Jigsaw engine protects your native application code, integrating seamlessly post compile and delivering an essential building block for iOS 17 app security.

Book a meeting with one of our iOS app security experts to discover the native obfuscation technology protecting some of the world’s most popular iOS apps and how it can safeguard your app code against reverse engineering, unauthorized code manipulation, and generative AI threats.

Image of Andrew Whaley, Promon's Senior Technical Director

What does Bitcode deprecation mean for the future of application security?

“If LLVM disappears, then going forward, Apple’s platforms could become much harder to protect, and therefore, fewer vendors will have products available to do that.

It’s entirely possible this shake-up may compromise the security of many apps on the App Store. Whether this happens or not will depend on the adaptability of security vendors. Those using a toolchain-integrated approach will be fine for the time being, but they run the risk that this approach could be closed off without warning in the future.”

Andrew Whaley, Senior Technical Director, Promon

What is Bitcode?

Bitcode is a serialized version of LLVM’s Intermediate Representation.

A large reason for LLVM’s popular usage in app development, and therefore Bitcode’s, is that it’s open source and available to everybody. This has led to many vendors creating obfuscators that operate on bitcode. The advantage for them is that they too can also target many back-ends and also typically several front-ends. The fact that the LLVM libraries also provide all the APIs necessary for manipulating the bitcode has further contributed to its dominance.

Apple’s recent deprecation of the LLVM bitcode in Xcode has made it harder to protect MacOS and iOS apps, and few vendors have viable code obfuscation tools.

How the Promon Jigsaw engine delivers iOS app code protection

  1. Binary code obfuscation. The engine operates natively on the post-compile binary code. It is developer-tool agnostic, supporting a wide range of languages like Dart, Rust, Golang, C++, Obj-C, Swift, Xamarin.iOS, etc. It can also protect third-party libraries and is not dependent on Bitcode.
  2. Cross-platform support. Customers can access the same Jigsaw code obfuscation features and experience across multiple platforms, including iOS and Android Native, and also supports ARM and Intel architectures.
  3. Low code deployment. The Jigsaw engine is user-friendly and doesn’t require specialized knowledge. Its default settings offer strong performance in most use cases. For specific needs, customization is straightforward.
  4. Native implementation. As a native engine, Jigsaw delivers reduced implementation friction. It runs quickly and efficiently compared to other market alternatives and integrates seamlessly into CI/CD pipelines.

With the Promon Jigsaw engine, you can:

Safeguard valuable revenue streams

Protect in-app purchases, subscription models, and premium features, ensuring your monetization strategies remain intact. With a hardened app, your business can grow without disruption. 

Protect prized intellectual property 

Safeguard your app code by ensuring that proprietary algorithms, unique functionalities, and logic remain shielded from unauthorized access, imitation, or reverse engineering attempts. 

Reduce time to market

The Jigsaw engine is a low-code engine suitable for developers of varying expertise levels. As a result, performance optimization is built in, and when specific configurations are needed, it allows explicit fine-tuning.

Benefit from cutting-edge protection

The Jigsaw engine rapidly adapts to the latest threat trends and attack vectors. It will power future solutions, countering threats from reverse engineering and AI*, thereby minimizing the potential for fraud.*Future capability

Dive deeper into the key topics