57
ELI5: What kind of security mechanisms do software companies use to ensure that the source code of their products will be practically impossible to discover? (discuss.tchncs.de)
submitted 7 months ago by chemicalwonka@discuss.tchncs.de to c/explainlikeimfive@lemmy.world
14 comments fedilink hide all child comments

Exemple: How does Apple guarantee that the iOS source code will not be discovered by an adversary?

Is there any type of different encryption for this case?

you are viewing a single comment's thread
view the rest of the comments
[-] afk_strats@lemmy.world 51 points 7 months ago
  1. Some people have mentioned it already but turning human-readable code to machine code is like turning a precise cake recipe into a cake. A decent baker can do it. Any developer can compile existing code. Going from a baked cake to a precise recipe requires a chemistry lab and a team of highly-trained scientists. Same thing for code. You'll need a highly-experienced and specialized programmer to turn a program into legible code. Its almost always easier to just rebuild from scratch.

However companies do other things as well.

  1. Companies sometimes purposefully compress and obfuscate their code to make it hard to unpack. This happens a lot on the web where a website might have code sent to your machine in a format which could have been legible. But before they send it to you, they run the code through a program which adds extra steps, renames things, and reorders things and removes extra spaces... all to make it hard to read.

  2. Some companies will encrypt their code or programs to varying degrees. Some will do it at the storage level, such as DRM or modern disk-based videogames. The data in these games is "locked" behind passwords and keys which can only work if the program "calls home" to Steam or Xbox or whatever and those providers let the game be opened. It's more complicated than this but that's the basics.

  3. A lot of companies have moved their code "into the cloud". That means, instead of giving you a full piece of software, you only get the front-end, or the pictures and words you see on screen. The actual program lives on the company's servers which you don' have access to. You only get to send those servers inputs, and they return outputs back to your screen.

  4. Companies can make their code secret from internal developers by breaking programs up into smaller pieces. Say you're a developer at Apple. You might be assigned on the specific part of the system which opens apps from the home screen and may only get access to that part of the system so if your development machine gets hacked, the hackers don't know ALL the inner workings of iOS.

I'm sure there are more ways but this is a start.

this post was submitted on 05 Apr 2024
57 points (96.7% liked)

Explain Like I'm Five

14205 readers
1 users here now

Simplifying Complexity, One Answer at a Time!

Rules

  1. Be respectful and inclusive.
  2. No harassment, hate speech, or trolling.
  3. Engage in constructive discussions.
  4. Share relevant content.
  5. Follow guidelines and moderators' instructions.
  6. Use appropriate language and tone.
  7. Report violations.
  8. Foster a continuous learning environment.

founded 1 year ago
MODERATORS
Rikudou_Sage@lemmy.world
sabbah@lemmy.world
AradFort@lemmy.world
rikudou
Don_Dickle@lemmy.world