Reduce Swift Reflection Metadata
| Plan | Platforms | MASVS |
|---|---|---|
| Team | iOS | MASVS-RESILIENCE-3 |
Overview
Reduce Swift Reflection Metadata reduces readable Swift reflection metadata in protected iOS builds. Use it to limit field names, type strings, and structural details that may otherwise be visible through static inspection or runtime introspection.
Swift metadata can reveal model names, fields, internal types, and app architecture even when debug symbols are removed. This control helps reduce that disclosure while preserving supported runtime behavior.
How It Works
During protected build creation, AppTego identifies supported Swift reflection metadata and reduces what is exposed in the shipped protected artifact. The protected app keeps metadata needed for normal execution while minimizing information that mainly helps analysis.
This is a build-time control. You must rebuild and redistribute the app for changes to take effect.
How to Enable the Control
Navigate to Code Obfuscation from the AppTego portal, and expand the Metadata Reduction section. Under this section you will find the Reduce Swift Reflection Metadata control. Click Enable to apply it to the next protected build.
API Configuration Example
{
"StripSwiftReflection": {
"protection": true
}
}| Field | Purpose |
|---|---|
protection | Enables reduce swift reflection metadata for protected builds. |
Use When
| Use case | Why it helps |
|---|---|
| Swift-heavy apps | Reduces readable Swift type and field information in release artifacts. |
| Apps with sensitive models | Limits exposure of domain objects, internal state names, and workflow structure. |
| Framework-based apps | Helps reduce metadata exposure from app frameworks and supported modules. |
| iOS hardening profiles | Complements Objective-C metadata reduction, symbol stripping, and string protection. |
Rollout Guidance
- Enable the control in Development.
- Build a protected IPA.
- Test Codable models, reflection-heavy code, dependency injection, analytics mapping, crash reporting, deep links, and any framework that relies on Swift type names.
- Validate core workflows on physical devices.
- Promote through Staging after QA confirms normal behavior.
Compatibility Notes
- Apps that rely on Swift reflection, type-name lookup, generated serialization, or dependency injection should test those paths carefully.
- Some metadata may be preserved where required for runtime correctness.
- Keep dSYM and crash reporting workflows intact so production incidents remain diagnosable.
Support Matrix
| Platform | Supported Versions | Notes |
|---|---|---|
| Android | Not supported | Android code metadata is handled by Android obfuscation controls. |
| iOS | All versions | Reduces supported Swift reflection metadata during protected build processing. |