iOS App Security and Analysis: Part 1/2

Learn how to do a basic analysis of iOS app security and maintain the security of your users’ data with code and network tools. By Derek Selander.

Where to Go from Here?

So far, you’ve channeled your inner hacker and have performed basic penetration tests on the filesystem and the network interaction of an example app. You’ve defeated the simple plist and can even modify network data in transit!

Your iOS app security seems pretty safe…for now. In part 2 of this tutorial, you’ll dig deeper into the guts of an app to modify its functionality. Until then, there’s still a lot to try in terms of app data:

  • Check out tools like iExplorer: iExplorer lets you examine the contents of your applications. You don’t need to jailbreak your phone to use it. You can explore the files that real-life apps use and see what important information they store there.
  • Set up Charles as an SSL Proxy and test on real apps: Check out all the stuff that a random app is sending out of your iOS device while it innocently sits there with a cute UI… you might be surprised. Witnessing the network interaction of a competitor’s app can also provide incredible insight into how they solved a similar problem that requires network interaction.
  • Check out this tutorial on iOS (ARM) assembly. The next part of this tutorial will be a bit more intense – better prepare now!

It’s my pleasure to be your guide through the Dark Side – let us know how it’s going in the forums!