Open Source Apple iPhone Security Apps
Sort By:
Security Apps for Apple iPhone
View 783 business solutionsBrowse free open source Security apps and projects for Apple iPhone below. Use the toggles on the left to filter open source Security apps by OS, license, language, programming language, and project status.
-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
Catch Bugs Before Your Customers DoMove from alert to fix before users notice. AppSignal monitors errors, performance bottlenecks, host health, and uptime—all from one dashboard. Instant notifications on deployments, anomaly triggers for memory spikes or error surges, and seamless log management. Works out of the box with Rails, Django, Express, Phoenix, Next.js, and dozens more. Starts at $23/month with no hidden fees.
-
1
frida
Dynamic instrumentation toolkit for developers
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts. Works on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Install the Node.js bindings from npm, grab a Python package from PyPI, or use Frida through its Swift bindings, .NET bindings, Qt/Qml bindings, or C API. Frida is and will always be free software (free as in freedom). We want to empower the next generation of developer tools, and help other free software developers achieve interoperability through reverse engineering. We are proud that NowSecure is using Frida to do fast, deep analysis of mobile apps at scale. Frida has a comprehensive test-suite and has gone through years of rigorous testing across a broad range of use-cases. -
2
OpenH264
Open Source H.264 Codec
Cisco has taken their H.264 implementation and open-sourced it under BSD license terms. Development and maintenance will be overseen by a board from the industry and the open-source community. Furthermore, we have provided a binary form suitable for inclusion in applications across a number of different operating systems and made this binary module available for download from the Internet. We will not pass on our MPEG-LA licensing costs for this module, and based on the current licensing environment, this will effectively make H.264 free for use on supported platforms. OpenH264 is a codec library which supports H.264 encoding and decoding. It is suitable for use in real-time applications such as WebRTC. Constrained Baseline Profile up to Level 5.2 (Max frame size is 36864 macro-blocks). Arbitrary resolution, not constrained to multiples of 16x16. Rate control with adaptive quantization, or constant quantization. -
3
Mullvad VPN desktop and mobile app
The Mullvad VPN client app for desktop and mobile
In a society that is increasingly determined to weaken that right, a fast, reliable and easy-to-use VPN connection is a good first step towards achieving this. By connecting to the Internet with Mullvad, we ensure that traffic to and from your device is encrypted to the highest standards, even when using public Wi-Fi in a coffee shop or hotel. We do not keep activity logs or ask for personal information, and we even encourage anonymous payments using cash or any of the accepted cryptocurrencies. Your IP address will be replaced with one of ours, ensuring that device activity and location are not linked to your user. Using Mullvad is quick and easy - just download and install the app. Don't spend time on complicated setup and multi-step registration processes. We designed Mullvad to be easy to use. Privacy is essential in a well-functioning society, as it allows norms, ethics and laws to be safely debated and challenged. Without privacy, a free and open society cannot flourish or exist. -
4
Mobile Verification Toolkit
Helps with conducting forensics of mobile devices
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidence. MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance. Compare extracted records to a provided list of malicious indicators in STIX2 format. Generate JSON logs of extracted records, and separate JSON logs of all detected malicious traces. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
5
Tamper Dev
Extension that allows you to intercept and edit HTTP/HTTPS requests
If you are a developer, you can use Tamper Dev to debug your websites, or if you are a pentester, you can use it to search for security vulnerabilities by inspecting the HTTP traffic from your browser. Unlike most other extensions, Tamper Dev allows you to intercept, inspect and modify the requests before they are sent to the server. This extension provides functionality similar to Burp Proxy, MITM Proxy, OWASP ZAP, Tamper Data, and Postman Proxy, but without the need of additional software, with full support of HTTPS connections, and trivial to set-up (just install). -
6
Proxyman
Web Debugging Proxy for macOS, iOS, and Android
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, built with meticulous attention to detail. Comprehensive Guideline to set up with iOS simulator and iOS and Android devices. Proxyman acts as a man-in-the-middle server that capture the traffic between your applications and SSL Web Server. With built-in macOS setup, so you can inspect your HTTP/HTTPS Request and Responses in plain text with just one click. Narrow down your search with Proxyman's Multiple Filters. You can combine complex filtered criteria like Protocol, Content-Type, URL, Request Header, Response Header, Body, etc that find exact what you're looking for. -
7
Lantern
Tool to access videos, messaging, and other popular apps
Can't access your favorite apps? Download Lantern to easily access videos, messaging, and other popular apps while at school or work. Lantern is an application that allows you to bypass firewalls to use your favorite applications and access your favorite websites. Lantern does not cooperate with any law enforcement in any country. Lantern encrypts all of your traffic to blocked sites and services to protect your data and privacy. Lantern passed multiple third party white box security audits to ensure security of our code. Lantern is easy to use, just download and install to start streaming, browsing and using apps, no configuration required. No installation, no registration, no registration, no configuration, just click and go! All you have to do is install it and hit the POWER button! Don't wait forever for your applications to load or the website to appear in your browser. Connect with Lantern and get there fast! -
8
Brook
Brook is a cross-platform strong encryption and not detectable proxy
Brook is a cross-platform strong encryption and not detectable proxy. Brook's goal is to keep it simple, stupid and not detectable. You can run commands after entering the command-line interface. Usually, everyone uses the command line interface on Linux servers. Of course, Linux also has desktops that can also run GUI. Of course, macOS and Windows also have command-line interfaces, but you may not use them frequently. Usually, the applications opened by double-clicking/clicking on macOS/Windows/iOS/Android are all GUIs. Usually, if you use Brook, you will need a combination of Server and Client, Of course Brook CLI also has many other independent functions. The Brook CLI file is an independent command file, it can be said that there is no concept of installation, just download this file to your computer, run it after granting it executable permissions in the command line interface. -
9
Adguard for iOS
The most advanced ad blocker for iOS
The most advanced Safari content blocker and a privacy keeper for iOS. AdGuard for iOS is an app that blocks ads in the Safari browser at an exceptional level and also provides additional Premium features like configurable DNS settings, encrypted DNS support (DOH, DOT, DNSCrypt), and custom ad-blocking subscriptions. To get more information and to download AdGuard for iOS, visit our website. AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content. AdGuard shields your data from web analytics and online trackers. AdGuard protects against phishing and malicious sites. AdGuard shields children from inappropriate and adult content. -
10
IOS6 and recent iTunes updates have broken a few features. We have made some partial fixes, but they are not complete. If you'd like to help support our development, or take over the development please let us know. Explore the internal file structure of your iphone (or of a seized phone in the case of forensic teams) using either the iphone's own backup files or (for jail broken iphones) ssh. Viewing of plist, sqlite, and hex are supported. IOS 5 is now supported iOS 6 only partially works at the moment (some features fail or are missing). Unfortunately paid work means we can't fix this right now, but would welcome anyone else submitting patches.
-
11
libsodium
A modern, portable, easy to use crypto library
libsodium is a modern, portable, and easy-to-use cryptographic library that serves as an API-compatible fork of NaCl. Consistent behavior and formats across supported platforms. It enhances the original design with build and portability improvements, making it widely deployable across platforms for secure encryption, signatures, hashing, and key derivation. Digital signature creation and verification support. Adds extended cryptographic primitives like BLAKE2 and ChaCha20-Poly1305 beyond NaCl. -
12
shadowsocks-libev
Bug-fix-only libev port of shadowsocks
Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes. Shadowsocks-libev is written in pure C and depends on libev. It's designed to be a lightweight implementation of shadowsocks protocol, in order to keep the resource usage as low as possible. Snap is the recommended way to install the latest binaries. You can build shadowsocks-libev and all its dependencies by script. The latest shadowsocks-libev has provided a redir mode. You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router. Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend setting up your server's firewall rules to limit connections from each user. We strongly encourage you to install shadowsocks-libev from jessie-backports-sloppy. -
13
santoku
Mobile Forensics, Malware Analysis, and App Security Testing
Santoku is an easy to use, Open Source platform, dedicated to mobile forensics, analysis, and security. Version 0.5: md5: c2dcab27e6444730acc9bc351f34e543 sha1: 4d39adc01c443ac24a53a33f0ac077980d77c1fe sha256: ed72a014033c621c0da632b7e9853920b834a4bceae4427513737f7cf5ff0f55 -
14
Ente
End-to-end encrypted cloud for photos, videos and 2FA secrets
Ente is a fully open-source, end‑to‑end encrypted cloud platform designed for securely storing and managing your photos, videos, and 2FA secrets — without needing to trust the service provider. It includes cross‑platform clients and a CLI for self‑hosting needs. Ente is a service that provides a fully open source, end-to-end encrypted platform for you to store your data in the cloud without needing to trust the service provider. On top of this platform, we have built two apps so far: Ente Photos (an alternative to Apple and Google Photos) and Ente Auth (a 2FA alternative to the deprecated Authy). This monorepo contains all our source code - the client apps (iOS / Android / F-Droid / Web / Linux / macOS / Windows) for both the products (and more planned future ones!), and the server that powers them. -
15
OWASP Mobile Application Security
Manual for mobile app security testing and reverse engineering
The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. -
16
Adblock Fast
Adblock Fast is a new, faster ad blocker for Android, iOS, Chrome
Just as webpages grew bloated with ads, so too have ad blockers grown bloated with little-used filtering rules and features that sap their speed and hog your computer or device’s disk space, CPU cycles, and memory. Adblock Fast executes a mere 7 optimized filtering rules to accelerate pages 8x more but consume 6x less system resources than other ad blockers do. Adblock Fast was created and is maintained by Rocketship, an award-winning app studio whose mission is to design and develop the finest desktop and mobile experiences in the universe. Adblock Fast is a new, faster ad blocker for desktop computers and mobile browsers. Adblock Fast’s ruleset is derived from EasyList and that of Bluhell Firewall. Adblock Fast is available for Windows 7 and up, Android 5.0 and up with Samsung Internet 4.0 and up, and iOS 9 and up on 64-bit devices (iPhone 5s and up and iPad mini 2 and up). -
17
Haven
Protect personal spaces and possessions without compromising privacy
Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors. Haven is for people who need a way to protect their personal areas and possessions without compromising their privacy. It is an Android application that leverages on-device sensors to provide monitoring and protection of physical areas. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders. We designed Haven for investigative journalists, human rights defenders and people at risk of forced disappearance to create a new kind of herd immunity. By combining the array of sensors found in any smartphone, with the world’s most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act. -
18
Keybase client
Keybase Go library, client, service, OS X, iOS, Android, Electron
Keybase is secure messaging and file-sharing. We use public key cryptography to ensure your messages stay private. Even we can’t read your chats. Keybase works for families, roommates, clubs, and groups of friends, too. Keybase connects to public identities, too. You can connect with communities from Twitter, Reddit, and elsewhere. Don’t live dangerously when it comes to documents. Keybase can store your group’s photos, videos, and documents with end-to-end encryption. You can set a timer on your most sensitive messages. This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software. -
19
ObjectivePGP
ObjectivePGP is an open-source library for iOS and macOS
ObjectivePGP is an open-source library for OpenPGP encryption, decryption, signing, and verification in Objective-C and Swift. It enables developers to add PGP-based security to iOS and macOS apps. -
20
SSL Kill Switch 2
Blackbox tool to disable SSL certificate validation
Blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications. Once loaded into an iOS or macOS application, SSL Kill Switch 2 will patch low-level functions responsible for handling SSL/TLS connections in order to override and disable the system's default certificate validation, as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against various applications implementing certificate pinning including the Apple App Store. The first version of SSL Kill Switch was released at Black Hat Vegas 2012. Installing SSL Kill Switch 2 allows anyone on the same network as the device to easily perform man-in-the-middle attacks against any SSL or HTTPS connection. This means that it is trivial to get access to emails, websites viewed in Safari and any other data downloaded by any App running on the device. -
21
CryptoSwift
Collection of standard and secure cryptographic algorithms
The master branch follows the latest currently released version of Swift. If you need an earlier version for an older version of Swift, you can specify its version in your Podfile or use the code on the branch for that version. Older branches are unsupported. Swift Package Manager uses debug configuration for debug Xcode build, that may result in significant (up to x10000) worse performance. Performance characteristic is different in Release build. XCFrameworks require Xcode 11 or later and they can be integrated similarly to how we’re used to integrating the .framework format. Embedded frameworks require a minimum deployment target of iOS 9 or macOS Sierra (10.12). CryptoSwift uses array of bytes aka Array<UInt8> as a base type for all operations. Every data may be converted to a stream of bytes. You will find convenience functions that accept String or Data, and it will be internally converted to the array of bytes. -
22
JJException
Protect the objective-c application
Common problems will not crash by the JJException, Hook the Unrecognized Selector, Out of bound, the parameter is nil, etc. Throw the exception to the interface, and then save the exception record to the log, and upgrade the app or Hot-Fix to resolve the exception. -
23
Bitwarden Mobile Application
The mobile app vault (iOS and Android)
The Bitwarden mobile application is written in C# with Xamarin Android, Xamarin iOS, and Xamarin Forms. Manage, store, secure, and share unlimited passwords across unlimited devices from anywhere. Bitwarden delivers open-source password management solutions to everyone, whether at home, at work, or on the go. Generate strong, unique, and random passwords based on security requirements for every website you frequent. Bitwarden Send quickly transmits encrypted information, files and plaintext, directly to anyone. Passwords are protected with advanced end-to-end encryption (AES-256 bit, salted hashtag, and PBKDF2 SHA-256) so your data stays secure and private. Generate strong, unique, and random passwords based on security requirements for every website you frequent. Bitwarden translations exist in 40 languages and are growing, thanks to our global community. -
24
ThumbmarkJS
World's best free browser fingerprinting library
ThumbmarkJS is an MIT-licensed browser fingerprinting library that produces stable fingerprints with 90% uniqueness. It works with normal and private browsing. ThumbmarkJS is a free, open‑source browser fingerprinting JavaScript library, designed as an alternative to FingerprintJS. It generates distinct, persistent device fingerprints using web APIs like canvas, audio, fonts, WebGL, and more, enabling identification of browsers across sessions, even in incognito or cleared-cache scenarios. It supports both client-side-only installs via CDN and npm, with optional API integration for improved uniqueness. -
25
Wi-PWN
ESP8266 firmware for performing deauthentication attacks
ESP8266 firmware for performing deauthentication attacks, with ease. Wi-PWN is a firmware that performs death attacks on cheap Arduino boards. The ESP8266 is a cheap microcontroller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino. A deauthentication attack is often confused with Wi-Fi jamming, as they both block users from accessing Wi-Fi networks. The 802.11 Wi-Fi protocol contains a so-called deauthentication frame. It is used to disconnect clients safely from a wireless network. Because these management packets are unencrypted, you just need the MAC to address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don’t need to be in the network or know the password, it’s enough to be in its range. With the 802.11w-2009 updated standards, management frames are encrypted by default.
