# Security countermeasures

The NFC Wallet SDK includes countermeasures for common mobile threats.

### Coverage by flow

#### Provisioning

Provisioning includes wallet enrollment and Tokenization.

During provisioning, the NFC Wallet SDK protects against:

* **Debugger attached**
* **Man-in-the-middle (MITM) attack**
* **Jailbroken device**
* **Non-designated application signing certificate**
* **Hooking detection**
* **Debug build used in Production Environment**
* **Binary tampering detection**

#### Payment

During payment, the NFC Wallet SDK protects against:

* **Debugger attached**
* **Hooking detection**
* **Debug build used in Production Environment**
* **Binary tampering detection**

### Countermeasures

Each entry below describes one security threat, the flows and build types it applies to, and how the SDK responds.

<details>

<summary><strong>Debugger attached</strong></summary>

* **Threat**: An attacker attempts to reverse engineer the digital wallet application by attaching a debugger at runtime.
* **Applies to**: Provisioning, Payment
* **Build type**: `Release`
* **SDK behavior**: Returns an error during SDK initialization, provisioning, and payment when a debugger is attached.

</details>

<details>

<summary><strong>Man-in-the-middle (MITM) attack</strong></summary>

* **Threat**: An attacker attempts to intercept network traffic between the digital wallet application and the Cloud Provisioning Service (CPS).
* **Applies to**: Provisioning
* **Build type**: `Release`
* **SDK behavior**: Returns an error when TLS server certificate validation fails.

</details>

<details>

<summary><strong>Jailbroken device</strong></summary>

* **Threat**: A jailbroken device runs the digital wallet application.
* **Applies to**: Provisioning
* **Build type**: `Debug`, `Release`
* **SDK behavior**: Returns an error on jailbroken devices during provisioning.

</details>

<details>

<summary><strong>Non-designated application signing certificate</strong></summary>

* **Threat**: The digital wallet application is not signed with the designated certificate.
* **Applies to**: Provisioning
* **Build type**: `Debug`, `Release`
* **SDK behavior**: Returns an error and fails wallet secure enrollment.
* **Setup**: Configure the signing certificate hash during onboarding. See [Provide onboarding data](https://docs.payments.thalescloud.io/nfc-wallet-sdk-ios/get-started/configuration/2.-onboarding).

</details>

<details>

<summary><strong>Hooking detection</strong></summary>

* **Threat**: An attacker attempts to hook method calls to monitor or modify runtime behavior.
* **Applies to**: Provisioning, Payment
* **Build type**: `Debug`, `Release`
* **SDK behavior**: Returns an error when hooking is detected.

</details>

<details>

<summary><strong>Debug build used in Production Environment</strong></summary>

* **Threat**: The App Store application integrates the `Debug` build of the NFC Wallet SDK.
* **Applies to**: Provisioning, Payment
* **Build type**: `Debug`
* **SDK behavior**: Returns an error when the SDK detects a production-signed application using the `Debug` build.

</details>

<details>

<summary><strong>Binary tampering detection</strong></summary>

* **Threat**: An attacker attempts to modify the digital wallet application or SDK binary.
* **Applies to**: Provisioning, Payment
* **Build type**: `Debug`, `Release`
* **SDK behavior**: Returns an error when tampering is detected.

</details>


