Further to the earlier answers there are now several 3rd party tools that offer some degree of obfuscation and integrity protection including :-
- Arxan,
- Metaforic,
- Cryptanium
They vary in capabilities and include :-
- Control flow obfuscation e.g. ARM instruction flows are mangled with redundant instructions to try to hide the original purpose of the code,
- Class and Method renaming - renames your methods and classes to meaningless names although you have to be careful where this is used as you can easily break your app because the Objective-C runtime is expecting to find certain names,
- String encryption - all static strings in the app are encrypted and code is inserted to decrypt the strings just before use in order to make static analysis harder
- Anti-debug - code is inserted to break the usual debuggers (not always successfully),
- Anti-tamper - usually builds a network of checksums that protect the binary code from modification,
- Objective-C runtime protection - usually checks obj-c registered method implementations to make sure that they are in the app and haven't been 'swizzled'.
All of these tools are very expensive and not without their problems so you really need an application that requires a high degree of integrity in order to consider them e.g. banking or where DRM is very important.
For these types of app you will also need skilled penetration testers to ensure that your app is not exposed in other ways as these tools are often only as good as the people using them and there are still other OS vulnerabilities that will need mitigating that the tools don't address.
