Security question on shipping iphone app

Forgive my ignorance in this issue as I am a noob.

If I ship an iPhone application that connects with a web server in a mySQL database, and the database has sensitive information, can someone read the objective-C code of my app and find my database information?

More开发者_C百科 simply, is there a way for someone to look at my code in a shipping app?

Kurt

Reverse engineering of iPhone apps is absolutely possible.

A more likely attack however would be using a network packet sniffer to analyze the communications between your app and the server. Unless you're using encryption, it's extremely easy to do this. Even with encryption I suppose this is not much of a challenge for an attacker with strong motivation, though.

Yes, an iPhone/iPad app will be stored by iTunes as a file with a .ipa extension, and the contents of this file can be examined.

People can't see the original source code, but the object code and data will all be visible, so reverse-engineering is definitely possible.

For more details, see http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries