What the AFNetworking Bug Means for Your App’s Security

by: | May 1, 2015

A reported 25,000 iOS apps are vulnerable to security issues from an AFNetworking bug found this week. We at ArcTouch have already made fixes for a few of our affected clients — but if you have an iOS app that’s publicly available and you aren’t aware of the issue, here’s what you need to know:

What is AFNetworking?

AFNetworking is one of the most popular third-party iOS libraries. It is a high-level network connection management library that makes it easier for developers to code app Internet access.  Developers most often use the library to connect an app to back-end servers.

What could go wrong with the AFNetworking bug?

If your app is vulnerable to the AFNetworking bug , a user’s encrypted data becomes exposed when on a public network. For example, if one of your users is on a coffee shop Wi-Fi network, someone could theoretically see the data that passes from your app through the network. It’s especially troubling if your app contains sensitive personal information, like banking or credit card accounts.

The AFNetworking bug fix

AFNetworking has already been updated with a fix (version 2.5.3) — but that fix won’t automatically be pushed to your app. To find out if your app uses AFNetworking, you can use this SourceDNA tool to search through your app to find it and it’ll tell you what version you have. If your app does have the AFNetworking bug, it’ll be a simple update for your developers as long as you have a recent version of AFNetworking. It’s a bit more complex to fix if your app has other library dependencies that require a 1.x version of AFNetworking. This forum on GitHub offers more advice for legacy apps.

As always, ArcTouch is happy to help if you have any questions or concerns about your app or the AFNetworking bug. Contact us to set up a consultation.