Let’s say I release an app that contains a certificate as a resource file that I use to validate something within my app. Could a malicious third party modify that certificate in any way, thereby potentially circumventing my validation? Or are iOS apps compiled/signed/distributed in a way where modifying resource files inherently breaks it?
In case this is a danger, I could imagine an md5 checksum of the certificate file would potentially resolve the issue…but not sure if this is necessary (or even if it is safe enough).
Additional questions:
- If not by default, would jailbroken devices allow this?
- What about macOS apps where there are fewer limits?
Some more background for this thought experiment:
- the certificate itself is not a secret, so I wouldn’t care about it being accessible by the 3rd party
- I understand such modification would only affect the app of the given 3rd party user and they would have no way of distributing it (well, at least for iOS); the question is if they could use it locally