Getting started with Monitor on iOS
An autonomous security agent that lives inside your iOS application, with full visibility into runtime state, device integrity, and application behavior.
An autonomous security agent that lives inside your iOS application, detecting and responding to threats in real-time with full visibility into device state, runtime behavior, and application integrity.
What is ByteHide Monitor?
Your iOS application runs on devices you do not control. Attackers use jailbreak tools, debuggers, hooking frameworks, and MITM proxies to analyze and manipulate your application directly. Traditional perimeter security cannot help here because there is no perimeter.
ByteHide Monitor is an autonomous security agent that runs inside your application as a parallel process, with full visibility into the runtime environment. It detects reverse engineering attempts, jailbroken devices, memory dumping, process injection, network tampering, and integrity violations. Because it operates inside the application, it can detect threats that no external tool can see, including zero-day techniques using behavioral analysis rather than signature matching.
Key characteristics:
- Auto-Initialization: Activates before
main()via Objective-C+load()method - Swift and Objective-C: Full support for both languages
- CocoaPods and SPM: Install via CocoaPods or Swift Package Manager
- Zero Code Required: Cloud configuration mode requires no code changes
Quick Start
Quick Start
Get Monitor running in under 5 minutes with zero-config cloud setup
CocoaPods / SPM
Install via CocoaPods or Swift Package Manager
Configuration API
Cloud, JSON, and programmatic configuration options
Protection Modules
14 runtime protections for mobile threat detection
Available Protections
Monitor detects and prevents threats in real-time on iOS devices:
| Protection | Description |
|---|---|
| Debugger Detection | Detect LLDB, Frida, and instrumentation tools |
| Jailbreak Detection | Detect Cydia, Sileo, checkra1n, unc0ver |
| Simulator Detection | Identify iOS Simulator environments |
| Tampering Detection | Verify IPA signature and bundle integrity |
| Clock Tampering | Detect system time manipulation |
| Memory Dump Detection | Detect memory scanning and dumping tools |
| Process Injection | Detect DYLD_INSERT_LIBRARIES and code injection |
| Network Tampering | Identify MITM proxies (Charles, Burp Suite) and VPN tampering |
| Hardware Binding | Bind sessions to specific device hardware fingerprints |
| Screen Recording Detection | Detect screen recording, AirPlay mirroring, and ReplayKit |
| Screenshot Detection | Detect screenshot capture events |
| Overlay Detection | Detect UI overlays and tapjacking attacks |
| Library Injection Detection | Detect Frida, Substrate, and unauthorized dylib injection |
| Keychain Integrity Detection | Detect certificate injection and MITM proxy certificates |
How It Works
- Add the Dependency: Install via CocoaPods or Swift Package Manager
- Configure Your Token: Set the ByteHide project token
- Configure Protections: Use cloud dashboard, JSON file, or programmatic API
- Deploy: Monitor auto-initializes at runtime and enforces protections
- Monitor: View incidents, devices, and sessions from the cloud panel
Changes made in the dashboard take effect without rebuilding your app.