I agree, some times we face issue to bypass by cause of different logic of how the code is written and what function to call. Also would like to thank you and appreciate you for such a simple walk through of the concept and issue.

I love your videos..! They are always so detailed and they always focus on things that you simply cant find in normal iOS tutorials. Keep them coming..! 🎉🎉🙏🏻🙏🏻

1. Encrypt and decrypt , request and response using AES, 2. Proxy check 3. SSL pinning 4. Rooted Device check 5. Virtual device check ( if we have implemented pallycon don't neet to check ) These are security for iOS application security

I'm preparing for my iOS interviews. This concept been asked couple of times. Thank you for sharing your knowledge !!!

Haven't been able to find a better explanation in the whole internet! 👏

Thanks, you made it simple, I was trying to learn this concept from long back but due to complex explanations I was not able to grab it.👍

Very good explanation. We have one query. Please clear this. How we are sending a encrypted key to server after successful verification of server certificate with our bundle certificate?

Pallav, you are very good in Programming and clear about the concepts. Thanks for helping. 🙏🏻

Awesome Bro.. No one has ever explained http to SSL Pinning in such a way till date !!! Keep up the good job.. loads on Love for your video content.. :-) Any pointers or guideline usage for SwiftShield for obfuscation ? per you explanation we got the hang that the function names and variables are given random names so that no one can know what is being used for what.. having more complexity.

Excellent video. Thanks for making the concept clear in a very easy-to-understand way and also through a simple demo.

Best iOS tutorial video ever seen! 🎉❤

Thanks for sharing video. It is awesome. Could you pls explain certificate transparency and which technology to use to avoid security concerns. How bank apps are managing

Great video. Explained in a very clear way. Thanks Pallav!

I may be mistaken, but I believe your short clip that attempts to describe asymmetric encryption is actually defining end-to-end encryption, which does use asymmetric encryption…. Although asymmetric encryption refers to a private key & public “key pair” (which differs from symmetry encryption), there are multiple ways asymmetric encryption can be implemented (ie. Diffie-Hellman Key exchange). In your short video clip you conveyed that asymmetric encryption is E2EE, which is incorrect. E2EE is 1 great implementation of asymmetric encryption, but asymmetric encryption is not E2EE. Overall, thanks for your videos, honestly. You do a fine job.

amazing explanation sir.. my question is after this handoff, what next ?? how to handle all the apis... suppose i need the PERSON data then what i need to do???

Thank you for the video! Am I the only one who heard the word "Jazz" when the speaker were saying "Charles" 😅

MaZA aa gya , dhaga khul gya MITM ka

Thanks so much. This is the 3rd video that you made that I'm studying. Thanks!!!

Your posts are always helpful!! Thanks for your efforts. I have a question, is it possible to extract entities like public key and the api keys from the ipa ?? If so, what are the ways to save them in the app safely?

Best explanation i have seen so far. Can you please also make video on how ofuscation is done??

Great video dude, thanks a lot! How about the certificate we keep in our bundle, shall we store it in Keychain for safety? or just add it into our project? Because, attackers might do a reverse engineering and even get access to the certificate we are storing in bundle.

Thank you so much for very clear explanation, the way you explain makes the hard topic which are difficult to understand look easy. Please keep sharing with us awesome videos.

Nice to see that you are covering the topics which are not covered by most of the tutors over the internet. Thank You Sir. Lots of love. 🙏

I need to implement this for one of my projects, that project communicates to multiple domains, will it be possible to do pinning for various domains or can we do it for one and can trust communication for others? I would greatly appreciate how we can achieve this any idea or thought.

Hi iCode I have implemented SSL pinning through public key pinning in one of my app. But I'm getting different keys from the server while running the app in the device. Sometimes the public key from the server is matching and sometimes it's not. Can you please tell me what's going wrong here? Thanks in advance.

This was really detailed and Helpful Video👍

Thank you sir ur videos helping me a lot to grow my knowledge because I am a fresher so I am in a begging stage thanks again

Can this be done for third party APIs such as Google APIs?

Million thanks for such a hot topic with beautiful explanation ✌️✌️

Clear explanation.. Keep doing more videos💫💥

Please continue to make informative videos like this. Videos that other people aren't making!

Thank you very much Sir. Could you please make Videos on what is DRM, fairplay and widevine etc

thanks for sharing such informative video with us. may i know is there any paid tool which can intercept API despite having certificate pinning ??? please let me know if anything.

We can add another layer also with SSL pinning , means we can check device is rooted or not if device is rooted we can terminate app.

Wonderful 🥇 video for complex topic

But if we use DNS poisoning we can easily bypass SSL pining, isn't it?

please make video on PKCS12 for security. also make one overview video on what are the ways to implement various levels of security.

Great video...Thanks for the information...may I please know how to achieve obfuscation?

What prevents the MITM downloading the same certificate as the real webserver. Would this bypass SSL pinning check?

Do we need to write the didReceiveChallenge method for every new or another web service call?

Thank you so much for clearing my one doubt. Thanks a ton.

I love these iOS security videos. Do more, please!

In case of ssl pinning hacked. We can also use Safety net implementation or Appattest service. Like, we use captcha in our web app. And we also can implement jail break for rooted device. Thing will be secure. After jail break implementation no one will be able to open app with rooted device.

How can we implement dynamic SSL pinning in swift?

Why policy array not used?

Thanks for the explanation!!

Perfect explanation, dude. Subscribed :D Thanks

SecTrustGetCertificateAtIndex is deprecated in ios 15. any solution?..

Nice explanation

loved the explanation , good job

great explained.

Excelente Video

For Public Key pinning, as we are keeping Public Key hard coded in iOS code, that public key need to be same even after SSL certificate renewal. Is that my understanding correct?

can we patch smali to bypass certificate pinning ?

Excellent tutorials . Good explanation

Great video💯

Thanks Pallav. You video is very informative

Love this Video. Thank You.

App in the production if It’s possible to expire the certificate how we could to update it? We need to get the updated certificate through the api?

What if man in middle have the public key of our server certificate? Since it wont chanve with tym, its more prone to issues like leaking of public keys...please clarify?

I Have followed step, which is given in the medium blog for public key pinning, not working for me. Always getting wrong hash, compared to hash generated from terminal

Superb explanation 👍

Awesome and knowledge filled as always... Thank you. 💐

Superb man Please keep posting

Nice video thank you

Sir where is public key pinning!!!

i am waiting for this type of videos thank you

Good one 👍

Hi Pallav, Hope you are doing well ! I would request you to please make a video in Hindi language also.

I guess that this method is not working on https protocols right?

You are great 😮😮

Interesting , thank you for sharing.

I like a lot your tutorial 👍.Perfect

it doesnt make app secure it just hide app developer and backend problem. allow user to intercept traffic so they can see who is making network calls.

How to perform obfuscation ???

❤🎉🎉

Great tutorial..

Great!!!!

👍👍

:-)Thank you