iOS application security analysis
Βλάχος, Κωνσταντίνος Γ.
Vlachos, Konstantinos G.
KeywordsApplication software ; Apple Inc. ; Apple iOS applications ; iOS ; Security policy ; Data protection
The purpose of this research is to explain the nature of the Apple iOS applications and provide all the available Open Source tools for analyzing them, starting from decrypting any application’s binary downloaded from the AppStore to reverse engineering it and even altering the flow of its running process on the actual device. We start introducing the basic theory of the iOS operating system and its applications including the security mechanisms incorporated by Apple that are also the main targets of every iOS exploit or jailbreak developer. The next step is to describe the process of setting up the testing environment with a Macintosh OS and the Xcode IDE and/or an actual jailbroken iOS device (iPhone, iPad, iPod). The rest of the chapters describe the installation and usage of tools to implement the whole application security analysis procedure, starting from static to dynamic analysis, after having decrypted and reverse engineered the application’s binary and even interacting in an unplanned manner with the running process to change its method calls or arguments. A walk through on Data Protection on iOS follows, describing possible ways of data leakage on such devices. Finally, a chapter is dedicated to further in-depth explanation of important technical terms used throughout the whole document. The dissertation concludes, in the last phase. In this chapter, it is being assumed that for every step in application security analysis on the iOS platform the appropriate tools have been provided in this document. Further suggestions for research are being provided for those interested too.