Usage of NSClassFromString in IMA iOS SDK

25 views
Skip to first unread message

Weili Liu

unread,
Aug 14, 2025, 8:03:32 AM Aug 14
to Interactive Media Ads SDK
Hi,

Our security scan flagged the Google IMA iOS SDK (version 3.23.0) due to the presence of NSClassFromString calls in the binary.

Since NSClassFromString is inherently insecure, can you reimplement the functionality in a safe manner? In the meantime, can you explain how is this method being currently used and if you have additional mitigations in place to alleviate security risks

We need this information to address concerns raised during our security review.

Thanks

IMA SDK

unread,
Aug 14, 2025, 3:57:42 PM Aug 14
to wl...@ideanovatech.com, ima...@googlegroups.com

Hi,

We are checking your issue and will get back to you shortly. Meanwhile, your patience is important.


Thanks,
Google Logo
IMA SDK Team

Feedback
How was our support today?

rating1 rating2 rating3 rating4 rating5
[2025-08-14 19:57:30Z GMT] This message is in relation to case "ref:!00D1U01174p.!500Ht01sz6Ch:ref" (ADR-00329953)



IMA SDK

unread,
Aug 18, 2025, 3:24:26 PM Aug 18
to wl...@ideanovatech.com, ima...@googlegroups.com

Hi,

Thank you for contacting the IMA SDK Support team.

It is always recommended to use the latest version of the SDK. As of today the latest version of the SDK is 3.26.1. Could you please verify if the aforementioned issue can be replicated in our most recent version?

Could you please provide screenshots of the error encountered while scanning the application and specify which tool is being used for further investigation?

Thanks,
Google Logo
IMA SDK Team

Feedback
How was our support today?

rating1 rating2 rating3 rating4 rating5

[2025-08-18 19:24:17Z GMT] This message is in relation to case "ref:!00D1U01174p.!500Ht01sz6Ch:ref" (ADR-00329953)



Weili Liu

unread,
Aug 22, 2025, 4:50:54 AM Aug 22
to Interactive Media Ads SDK
Hi, I've inspected the 3.26.1 SDK version and it exhibited the same behavior. I'll get back to you on the screenshots.

Weili Liu

unread,
Aug 26, 2025, 3:26:50 AM Aug 26
to Interactive Media Ads SDK
Hi IMA Team,

I've attached the screenshot of the security scan. Please let us know what the next steps are. 

Thanks

Screenshot 2025-08-21 at 9.16.57 PM 1.png

IMA SDK

unread,
Aug 26, 2025, 9:45:53 AM Aug 26
to wl...@ideanovatech.com, ima...@googlegroups.com

Hi,

I will check with the team and get back to you shortly.

Thanks,
Google Logo
IMA SDK Team

Feedback
How was our support today?

rating1 rating2 rating3 rating4 rating5

[2025-08-26 13:45:43Z GMT] This message is in relation to case "ref:!00D1U01174p.!500Ht01sz6Ch:ref" (ADR-00329953)



Reply all
Reply to author
Forward
0 new messages