ios - MITM attack reported on deprecated NSURLConnectionDelegate

Question

I have an Objective-C project whose .ipa was tested with this tool online: https://www.immuniweb.com/mobile

It reports that my app has a high risk security issue, pointing to the canAuthenticateAgainstProtectionSpace in the NSURLConnectionDelegate protocol.

This method has been deprecated by iOS after 8.0 version. My app is not using it directly anywhere and I suppose this is not used by apple also even indirectly, since it is deprecated.

I tried a sample ipa (new project with nothing in it) with Objective-C project and the same issue came for that as well. But it did not come for a sample ipa which supported Swift. Even if this is just a warning, is there a way to fix other than just supporting Swift language only?

Answer 1

The tool has detected that the .h file that defines the NSURLConnectionDelegate protocol declares the canAuthenticateAgainstProtectionSpace function. This is, of course, to be expected.

It would make more sense for the tool to report implementations of the method, not simply declarations of it

Since you haven’t implemented this method you don’t need to worry about flaws in your implementation.

As for getting rid of the issue...Don’t use the tool? It doesn’t seem very good based on this.

Is there an option to tell it not to scan .h files?