The Most Important iOS Architecture Boundary Is Not View vs ViewModel
Most mobile apps are structured well — clean layers, nice abstractions. That helps teams ship. It does not answer the security question. The real boundary is trusted vs untrusted, and the client should never be the final place where trust is decided.
The most important iOS architecture boundary is not View vs ViewModel.
It is trusted vs untrusted.
A lot of mobile apps are structured well. Clean layers. Nice abstractions. Clear ownership between UI, domain, and data.
That helps teams ship.
It does not answer the security question.
If the app is running on a device the attacker controls, then local checks are only signals:
- jailbreak detection
- debugger detection
- runtime hooks
- integrity checks
- device state
Useful? Yes.
Authoritative? No.
If the process can be observed or tampered with, then the app should not be the final place where trust is decided.
The better model is usually:
- inside the app: collect signals, detect risk, shape the UX
- outside the app: verify, score, enforce policy
That means the client can say: "something looks wrong here."
But the server decides: "does this session get access, step-up auth, limited functionality, or a hard block?"
This shift matters because many teams still treat local validation as enforcement.
It is not.
The client is where signals come from.
The trust decision should live somewhere the attacker does not control.
#iOSSecurity #MobileSecurity #AppSec #RASP #SecurityEngineering