ios swift security reverse-engineering ipa

References for CI/CD tool inside iOS .ipa file


The app I am working on was audited, and the security team raised a concern: for some reason, if I extract the .ipa's payload, I am able to identify which CI/CD tool was used to generate it. For example:

Terminal:

cd MyApp.app                         # <- payload
strings * > ~/Desktop/file.txt

Inside the file I can find that we are using Jenkins:

/Volumes/jenkins-workspace/MyApp-Generic/MyApp/MyApp/SomeViewModel.swift

Has anyone faced this problem (if we can call it a problem)? Is there a way to obfuscate or completely remove these kinds of references from the IPA?

Thanks


Solution

  • Swift 5.3 introduces a #fileID identifier which produces a shorter string than #file. The #fileID string contains the filename and module name, but leaves out the rest of the path to the file; this saves space, improves performance, and avoids accidentally embedding private information like the developer’s home directory name in binaries. Compiler-generated error messages (like force-unwraps) and standard library assertions like precondition and fatalError now use #fileID strings, and we recommend you use them instead of #file in production code. (SE-0285, 65514304)

    This pretty much sums up my problem. I am using the #file identifier in some methods (mostly for logs), and every file that calls those methods will appear embedded in the app binary.

    Ref: https://developer.apple.com/documentation/xcode-release-notes/xcode-12-release-notes
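
A release-pipeline check for the leak discussed above, as an added example that is not part of the original post: it extracts printable strings from each file in an unpacked .app (as `strings` does) and reports absolute source paths, the form `#file` embeds, while the `#fileID` form (`MyApp/SomeViewModel.swift`) passes. The function names, the regular expressions, the list of source extensions and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Runs of 6+ printable ASCII bytes, roughly what `strings` would print.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# Absolute path (leading "/", at least one directory) ending in a source file.
# The extension list is an assumption; adjust it to the project's languages.
SOURCE_PATH = re.compile(rb"/(?:[^/ ]+/)+[^/ ]+\.(?:swift|m|mm)\b")

def find_source_paths(blob: bytes) -> list[str]:
    """Return the sorted, de-duplicated absolute source paths found in blob."""
    found = set()
    for run in PRINTABLE_RUN.finditer(blob):
        for match in SOURCE_PATH.finditer(run.group()):
            found.add(match.group().decode("ascii"))
    return sorted(found)

def scan_app(app_dir) -> dict[str, list[str]]:
    """Scan every regular file under app_dir; map file name -> leaked paths."""
    results = {}
    for path in sorted(Path(app_dir).rglob("*")):
        if path.is_file():
            hits = find_source_paths(path.read_bytes())
            if hits:
                results[str(path)] = hits
    return results

# Constructed sample: one #file-style string (the path quoted in the question)
# and one #fileID-style string, NUL-separated as they would be in a binary.
SAMPLE = (
    b"\x00\xfe/Volumes/jenkins-workspace/MyApp-Generic/MyApp/MyApp/"
    b"SomeViewModel.swift\x00MyApp/SomeViewModel.swift\x00\x01Fatal error\x00"
)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(find_source_paths(SAMPLE))  # demo on the constructed sample
        sys.exit(0)
    report = scan_app(sys.argv[1])
    for file_name, paths in report.items():
        for leaked in paths:
            print(f"{file_name}: {leaked}")
    # A non-zero exit status fails the build step when any path is embedded.
    sys.exit(1 if report else 0)
```

Run it with the unpacked `MyApp.app` directory as its only argument after the archive step; it exits non-zero if any absolute source path is still embedded.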