Hardware Binding
Protection Module: HardwareBinding
Available For
This protection module is available for iOS 12 and later. It provides device-level binding verification to prevent application cloning and unauthorized device transfers.
| Platform | Support | Note |
|---|---|---|
| iOS | ✓ | iOS 12+ required |
| Architecture | ✓ | All architectures |
How It Works
Hardware Binding verifies that your application is running on the expected device by comparing current device identifiers and characteristics against a stored baseline. This prevents unauthorized use on different devices or cloned installations.
Detection Techniques
The module employs the following detection strategies:
- IDFV Validation: Compares Identifier For Vendor (identifierForVendor) against baseline
- Device Model Verification: Validates device model and variant against baseline
- Keychain Persistence: Verifies stored binding data in secure keychain storage
- Hardware Fingerprint Analysis: Compares device characteristics (CPU type, memory, etc.)
- Hardware Change Detection: Identifies when fundamental device characteristics change
- Temporal Validation: Checks for unrealistic device changes over time
Confidence Metrics:
- IDFV mismatch: 0.95
- Model/variant change: 0.90
- Fingerprint deviation: 0.85
- Multi-factor change: 0.92
Default Interval: Varies based on check intensity
JSON Configuration
JSON
{
"protections": [
{
"type": "HardwareBinding",
"action": "close",
"intervalMs": 300000
}
]
}{
"protections": [
{
"type": "HardwareBinding",
"action": "close",
"intervalMs": 300000
}
]
}Code-Based Configuration
Swift
Swift
import ByteHideMonitor
BHMMonitor.configure { config in
config.enableProtection(.hardwareBinding, action: .close, intervalMs: 300000)
}import ByteHideMonitor
BHMMonitor.configure { config in
config.enableProtection(.hardwareBinding, action: .close, intervalMs: 300000)
}Objective-C
OBJC
#import <ByteHideMonitor/ByteHideMonitor.h>
[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
[config enableProtection:BHMProtectionModuleTypeHardwareBinding
action:BHMActionTypeClose
intervalMs:300000];
}];#import <ByteHideMonitor/ByteHideMonitor.h>
[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
[config enableProtection:BHMProtectionModuleTypeHardwareBinding
action:BHMActionTypeClose
intervalMs:300000];
}];Available Actions
| Action | Behavior | Recommended For |
|---|---|---|
| Close | Terminate application immediately | Production apps with critical IP |
| Log | Record incident and continue | Development, analytics |
| Erase | Securely delete data then terminate | Financial, healthcare apps |
| Custom | Execute custom handler | Enterprise integrations |
| None | Detect only, no action | Testing configurations |
See Actions for detailed action documentation.
When to Use
Enable Hardware Binding if:
- You want to prevent application cloning on unauthorized devices
- You need to enforce device ownership verification
- You're deploying enterprise applications with device licensing
- You want to prevent use of trial apps after uninstallation
- You need to bind feature access to specific devices
- You want to prevent unauthorized device transfer of your app
- You're implementing device-specific security policies
- You need to comply with corporate mobile device management (MDM) requirements
Consider using custom actions to implement graceful fallback or license validation.
Code Examples
Swift - Basic Configuration
Swift
import ByteHideMonitor
class AppDelegate: UIResponder, UIApplicationDelegate {
func application(
_ application: UIApplication,
didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
) -> Bool {
BHMMonitor.configure { config in
config.enableProtection(
.hardwareBinding,
action: .close,
intervalMs: 300000 // Check every 5 minutes
)
}
return true
}
}import ByteHideMonitor
class AppDelegate: UIResponder, UIApplicationDelegate {
func application(
_ application: UIApplication,
didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
) -> Bool {
BHMMonitor.configure { config in
config.enableProtection(
.hardwareBinding,
action: .close,
intervalMs: 300000 // Check every 5 minutes
)
}
return true
}
}Swift - Custom Action with License Validation
Swift
BHMMonitor.configure { config in
config.registerCustomAction("hardware-binding-handler") { context in
let threatType = context.threatType
let description = context.threatDescription
let metadata = context.metadata
// Log the device mismatch
print("Hardware Binding Violation: \(description)")
print("Threat Type: \(threatType)")
// Extract binding details
if let bindingInfo = metadata?["bindingDetails"] as? [String: Any] {
print("Original Device: \(bindingInfo["originalDevice"] ?? "unknown")")
print("Current Device: \(bindingInfo["currentDevice"] ?? "unknown")")
print("Confidence: \(bindingInfo["confidence"] ?? 0.0)")
}
// Check license validity
let licenseManager = LicenseManager.shared
if !licenseManager.isValidForDevice() {
// Device binding failed - disable features
DispatchQueue.main.async {
let alert = UIAlertController(
title: "Device Verification Failed",
message: "This app is not licensed for this device.",
preferredStyle: .alert
)
alert.addAction(UIAlertAction(title: "OK", style: .default) { _ in
UIApplication.shared.terminate(with: 0)
})
self.window?.rootViewController?.present(alert, animated: true)
}
}
// Log to compliance system
ComplianceLogger.logDeviceBindingViolation(
originalDevice: metadata?["bindingDetails"]?["originalDevice"] as? String ?? "unknown",
currentDevice: metadata?["bindingDetails"]?["currentDevice"] as? String ?? "unknown"
)
}
config.enableProtection(
.hardwareBinding,
customAction: "hardware-binding-handler",
intervalMs: 300000
)
}BHMMonitor.configure { config in
config.registerCustomAction("hardware-binding-handler") { context in
let threatType = context.threatType
let description = context.threatDescription
let metadata = context.metadata
// Log the device mismatch
print("Hardware Binding Violation: \(description)")
print("Threat Type: \(threatType)")
// Extract binding details
if let bindingInfo = metadata?["bindingDetails"] as? [String: Any] {
print("Original Device: \(bindingInfo["originalDevice"] ?? "unknown")")
print("Current Device: \(bindingInfo["currentDevice"] ?? "unknown")")
print("Confidence: \(bindingInfo["confidence"] ?? 0.0)")
}
// Check license validity
let licenseManager = LicenseManager.shared
if !licenseManager.isValidForDevice() {
// Device binding failed - disable features
DispatchQueue.main.async {
let alert = UIAlertController(
title: "Device Verification Failed",
message: "This app is not licensed for this device.",
preferredStyle: .alert
)
alert.addAction(UIAlertAction(title: "OK", style: .default) { _ in
UIApplication.shared.terminate(with: 0)
})
self.window?.rootViewController?.present(alert, animated: true)
}
}
// Log to compliance system
ComplianceLogger.logDeviceBindingViolation(
originalDevice: metadata?["bindingDetails"]?["originalDevice"] as? String ?? "unknown",
currentDevice: metadata?["bindingDetails"]?["currentDevice"] as? String ?? "unknown"
)
}
config.enableProtection(
.hardwareBinding,
customAction: "hardware-binding-handler",
intervalMs: 300000
)
}Objective-C
OBJC
#import <ByteHideMonitor/ByteHideMonitor.h>
[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
[config registerCustomAction:@"hardware-binding-handler" handler:^(BHMThreatContext *context) {
NSString *threatType = context.threatType;
NSString *description = context.threatDescription;
NSDictionary *metadata = context.metadata;
NSLog(@"Hardware Binding Violation: %@", description);
NSLog(@"Threat Type: %@", threatType);
NSDictionary *bindingInfo = metadata[@"bindingDetails"];
if (bindingInfo) {
NSLog(@"Original Device: %@", bindingInfo[@"originalDevice"]);
NSLog(@"Current Device: %@", bindingInfo[@"currentDevice"]);
NSLog(@"Confidence: %@", bindingInfo[@"confidence"]);
}
LicenseManager *licenseManager = [LicenseManager shared];
if (![licenseManager isValidForDevice]) {
dispatch_async(dispatch_get_main_queue(), ^{
UIAlertController *alert = [UIAlertController
alertControllerWithTitle:@"Device Verification Failed"
message:@"This app is not licensed for this device."
preferredStyle:UIAlertControllerStyleAlert];
UIAlertAction *okAction = [UIAlertAction actionWithTitle:@"OK"
style:UIAlertActionStyleDefault
handler:^(UIAlertAction *action) {
[UIApplication.sharedApplication terminate:0];
}];
[alert addAction:okAction];
[self.window.rootViewController presentViewController:alert animated:YES completion:nil];
});
}
[ComplianceLogger logDeviceBindingViolationWithOriginalDevice:bindingInfo[@"originalDevice"]
currentDevice:bindingInfo[@"currentDevice"]];
}];
[config enableProtection:BHMProtectionModuleTypeHardwareBinding
customAction:@"hardware-binding-handler"
intervalMs:300000];
}];#import <ByteHideMonitor/ByteHideMonitor.h>
[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
[config registerCustomAction:@"hardware-binding-handler" handler:^(BHMThreatContext *context) {
NSString *threatType = context.threatType;
NSString *description = context.threatDescription;
NSDictionary *metadata = context.metadata;
NSLog(@"Hardware Binding Violation: %@", description);
NSLog(@"Threat Type: %@", threatType);
NSDictionary *bindingInfo = metadata[@"bindingDetails"];
if (bindingInfo) {
NSLog(@"Original Device: %@", bindingInfo[@"originalDevice"]);
NSLog(@"Current Device: %@", bindingInfo[@"currentDevice"]);
NSLog(@"Confidence: %@", bindingInfo[@"confidence"]);
}
LicenseManager *licenseManager = [LicenseManager shared];
if (![licenseManager isValidForDevice]) {
dispatch_async(dispatch_get_main_queue(), ^{
UIAlertController *alert = [UIAlertController
alertControllerWithTitle:@"Device Verification Failed"
message:@"This app is not licensed for this device."
preferredStyle:UIAlertControllerStyleAlert];
UIAlertAction *okAction = [UIAlertAction actionWithTitle:@"OK"
style:UIAlertActionStyleDefault
handler:^(UIAlertAction *action) {
[UIApplication.sharedApplication terminate:0];
}];
[alert addAction:okAction];
[self.window.rootViewController presentViewController:alert animated:YES completion:nil];
});
}
[ComplianceLogger logDeviceBindingViolationWithOriginalDevice:bindingInfo[@"originalDevice"]
currentDevice:bindingInfo[@"currentDevice"]];
}];
[config enableProtection:BHMProtectionModuleTypeHardwareBinding
customAction:@"hardware-binding-handler"
intervalMs:300000];
}];Platform Compatibility
| Component | iOS 12 | iOS 13+ | iOS 16+ | Notes |
|---|---|---|---|---|
| IDFV Validation | ✓ | ✓ | ✓ | Core detection mechanism |
| Device Model Verification | ✓ | ✓ | ✓ | Model and variant checking |
| Keychain Storage | ✓ | ✓ | ✓ | Secure binding baseline storage |
| Hardware Fingerprinting | ✓ | ✓ | ✓ | Multi-characteristic validation |
Performance Impact
Hardware Binding has minimal performance impact:
- CPU Usage: 0.5-1% per check cycle
- Memory Overhead: ~3-5 MB for fingerprint storage and comparison
- Check Latency: 150-300ms per detection cycle
- Background Impact: Minimal - checks run infrequently
To optimize performance:
- Increase
intervalMsto 600000 (10 minutes) for less frequent checks - Use
.noneaction for detection-only mode during development - Consider disabling during intensive operations if needed
Threat Detection Details
When a hardware binding violation is detected, the threat context includes:
JSON
{
"moduleType": "HardwareBinding",
"threatType": "DeviceBindingViolation",
"threatDescription": "Application running on different device than baseline",
"detectionResult": {
"originalIDFV": "550e8400-e29b-41d4-a716-446655440000",
"currentIDFV": "660f9500-f30c-52e5-b827-557766551111",
"originalModel": "iPhone14,3",
"currentModel": "iPhone15,2",
"confidence": 0.85
},
"metadata": {
"confidence": 0.85,
"bindingDetails": {
"originalDevice": "iPhone 14 Pro",
"currentDevice": "iPhone 15 Pro",
"idfvMismatch": true,
"modelChange": true
},
"timestamp": "2024-03-15T10:30:45Z"
}
}{
"moduleType": "HardwareBinding",
"threatType": "DeviceBindingViolation",
"threatDescription": "Application running on different device than baseline",
"detectionResult": {
"originalIDFV": "550e8400-e29b-41d4-a716-446655440000",
"currentIDFV": "660f9500-f30c-52e5-b827-557766551111",
"originalModel": "iPhone14,3",
"currentModel": "iPhone15,2",
"confidence": 0.85
},
"metadata": {
"confidence": 0.85,
"bindingDetails": {
"originalDevice": "iPhone 14 Pro",
"currentDevice": "iPhone 15 Pro",
"idfvMismatch": true,
"modelChange": true
},
"timestamp": "2024-03-15T10:30:45Z"
}
}