# FYP on iOS application

## Paper-1

### The Structure of iOS Apps

#### Structure of an iOS app package (.ipa file)

```
/Payload/
/Payload/Application.app/
/iTunesArtwork
/iTunesArtwork@2x
/iTunesMetadata.plist
/WatchKitSupport/WK
/META-INF
```

* Payload folder: contains all the application data (the `.app` bundle).
* iTunesArtwork: contains the app icon.
* iTunesMetadata.plist: contains various bits of information, ranging from the developer's name and ID, the bundle identifier, copyright information, genre, the name of the app, release date, purchase date, etc.
* META-INF: contains metadata about the package.

### Mobile security testing

> Mobile apps differ in that there is a smaller attack surface and therefore more security against injection.

> Prioritize data protection on the device and the network to increase mobile security.

> Fragmentation: using an outdated API version. For an app to be supported on out-of-date devices, it would have to be created using an older version of Android's API, which may lack important security features. For maximum security, the best choice is to create apps with the current API version even though that excludes some users.

#### Mobile App Security Testing

##### CLASSICAL CONTEXT:

The tester gets access to a nearly finished or production-ready version of the app, identifies security issues, and writes a report.

##### AGILE/DEVOPS CONTEXT:

Characterized by the implementation of security requirements and the automation of security tests from the beginning of the software development life cycle onwards.

##### Black box testing

Zero-knowledge testing: the tester has no prior information about the app being tested and works from publicly available and discoverable information.

##### White box testing

Full-knowledge testing: the tester has the source code, documentation, and diagrams available.

##### Gray-box testing

Some information is provided to the tester (usually credentials only); other information is intended to be discovered.
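Because an .ipa is an ordinary zip archive, the layout listed above can be checked without unpacking it. The script below is an added example (not from the original notes): it builds a minimal sample archive in memory, then reports the top-level entries, the `.app` bundle under `Payload/`, a few `iTunesMetadata.plist` fields, and any member names that would escape the extraction directory. The bundle name, the metadata values and the `META-INF/metadata.plist` file name are constructed.

```python
"""Inspect the layout of an .ipa package without extracting it.

Added example, not from the original notes. An .ipa is a zip archive, so the
standard library is enough. The sample archive is built in memory; the bundle
name, metadata values and the META-INF file name are constructed.
"""
import io
import plistlib
import zipfile


def build_sample_ipa() -> bytes:
    """Build a minimal archive with the layout listed above (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # Payload/<name>.app holds the bundle; the executable starts with a Mach-O magic.
        z.writestr("Payload/Example.app/Example", b"\xcf\xfa\xed\xfe")
        z.writestr("Payload/Example.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": "com.example.demo"}))
        z.writestr("iTunesArtwork", b"")
        z.writestr("iTunesArtwork@2x", b"")
        z.writestr("iTunesMetadata.plist", plistlib.dumps({
            "artistName": "Example Developer",            # developer name (constructed)
            "itemName": "Example",                        # app name (constructed)
            "softwareVersionBundleId": "com.example.demo",
            "copyright": "Example Developer",
            "genre": "Utilities",
        }))
        z.writestr("WatchKitSupport/WK", b"")
        z.writestr("META-INF/metadata.plist", plistlib.dumps({}))  # placeholder name
    return buf.getvalue()


def inspect_ipa(data: bytes) -> dict:
    """Report the top-level entries, the .app bundle(s) under Payload/,
    selected iTunesMetadata.plist fields and any unsafe archive paths."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        top_level = sorted({n.split("/", 1)[0] for n in names})
        bundles = sorted({
            n.split("/")[1] for n in names
            if n.startswith("Payload/") and n.count("/") >= 2
            and n.split("/")[1].endswith(".app")
        })
        # Archive members are untrusted input: a name such as "../x" or "/etc/x"
        # would escape the extraction directory ("zip slip"), so flag it.
        unsafe = [n for n in names if n.startswith("/") or ".." in n.split("/")]
        metadata = {}
        if "iTunesMetadata.plist" in names:
            plist = plistlib.loads(z.read("iTunesMetadata.plist"))
            metadata = {k: plist[k]
                        for k in ("artistName", "itemName", "softwareVersionBundleId")
                        if k in plist}
    return {"top_level": top_level, "app_bundles": bundles,
            "metadata": metadata, "unsafe_paths": unsafe}


if __name__ == "__main__":
    for key, value in inspect_ipa(build_sample_ipa()).items():
        print(f"{key}: {value}")
```

To run it against a real package, replace `build_sample_ipa()` with the bytes of the `.ipa` file; the `unsafe_paths` check is the one to look at before extracting an archive you did not build yourself.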
> Recommended testing => white box

##### Vulnerability Analysis

Automated scanners are used to identify the main vulnerabilities. Types of vulnerability analysis:

1. Static analysis
2. Dynamic analysis

##### Static analysis by OWASP

* Performed as part of a code review.
* Runs static code analysis tools that attempt to highlight possible vulnerabilities within static source code using techniques such as **taint analysis and data flow analysis** (these help in finding security flaws with a high degree of confidence).
* Techniques to analyse potential vulnerabilities:
  * Data flow analysis: used to collect information about run-time (dynamic) data while the program is in a static state.
  * Key terms used:
    * Basic block: control enters at the beginning of a block, control leaves at the end of a block, and the block cannot halt or branch out except at its end.
    * Control flow analysis: analysis of the flow of control (and thus of data) through the program.
    * Control flow path: a path along which control (and data) can flow.
    * Control flow graph: a graph representation using nodes that represent basic blocks. A node in the graph represents a block; directed edges represent jumps (paths) from one block to another. If a node only has an exit edge, it is known as an 'entry' block; if a node only has an entry edge, it is known as an 'exit' block.
  * Taint analysis: identifies variables that have been tainted with user-controllable input and traces them to possibly vulnerable functions, known as sinks. If a tainted variable gets passed to a sink without being sanitized, it is flagged as a vulnerability. Perl and Ruby have taint checking built into them, enabled in certain situations such as accepting data via CGI.
  * Lexical analysis: converts source code into tokens of information in an attempt to abstract the source code and make it easier to manipulate.

Pre-tokenised PHP source code (from [OWASP Static Code Analysis](https://owasp.org/www-community/controls/Static_Code_Analysis)):

```
<?php $name = "Ryan"; ?>
```

> Many of these tools have difficulty analyzing code that can't be compiled.
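The basic-block, control-flow-graph and taint-analysis terms above fit together in one small analysis. The script below is an added example (not from the original notes or from any OWASP tool): it splits a constructed program in an invented instruction form into basic blocks, builds the control-flow graph (identifying the entry and exit blocks by the edge rule given above), and runs a forward data-flow analysis that propagates the set of tainted variables around the graph to a fixed point, reporting every sink that receives unsanitized user input. The program, instruction set and variable names are all constructed.

```python
"""Toy static analysis: basic blocks, a control-flow graph and a forward
taint data-flow analysis over a small constructed program.

Added example, not from the original notes or from any OWASP tool. The
instruction set below is invented for illustration.
"""
from collections import defaultdict

# Constructed instruction forms:
#   ("label", name)            a jump target; starts a new basic block
#   ("source", dst)            dst receives user-controllable input (taint source)
#   ("assign", dst, src)       dst = src; taint propagates from src to dst
#   ("sanitize", dst, src)     dst = clean(src); the result is untainted
#   ("jump_if", var, label)    conditional branch (falls through otherwise)
#   ("jump", label)            unconditional branch
#   ("sink", var)              var reaches a dangerous function (e.g. a query)
#   ("return",)
BRANCHES = {"jump", "jump_if", "return"}


def build_blocks(program):
    """Split the program into basic blocks: a block starts at a label or just
    after a branch, and control only leaves it at its last instruction."""
    blocks, current = [], []
    for ins in program:
        if ins[0] == "label" and current:
            blocks.append(current)
            current = []
        current.append(ins)
        if ins[0] in BRANCHES:
            blocks.append(current)
            current = []
    if current:
        blocks.append(current)
    return blocks


def build_cfg(blocks):
    """Directed edges between block indices (jump targets plus fall-through)."""
    label_to_block = {b[0][1]: i for i, b in enumerate(blocks) if b[0][0] == "label"}
    succ = {i: [] for i in range(len(blocks))}
    for i, block in enumerate(blocks):
        last = block[-1]
        if last[0] == "jump":
            succ[i].append(label_to_block[last[1]])
        elif last[0] == "jump_if":
            succ[i].append(label_to_block[last[2]])
            if i + 1 < len(blocks):
                succ[i].append(i + 1)
        elif last[0] != "return" and i + 1 < len(blocks):
            succ[i].append(i + 1)
    return succ


def transfer(block, tainted):
    """Run one block over a set of tainted variable names. Returns the set
    after the block and the sinks that received tainted data inside it."""
    tainted, hits = set(tainted), []
    for ins in block:
        op = ins[0]
        if op == "source":
            tainted.add(ins[1])
        elif op == "assign":
            src_tainted = ins[2] in tainted
            tainted.discard(ins[1])
            if src_tainted:
                tainted.add(ins[1])
        elif op == "sanitize":
            tainted.discard(ins[1])       # sanitizer output is trusted
        elif op == "sink" and ins[1] in tainted:
            hits.append(ins[1])
    return tainted, hits


def analyze(program):
    """Forward may-analysis: IN[b] is the union of OUT[p] over predecessors p,
    iterated to a fixed point (so loops are handled); then report tainted sinks."""
    blocks = build_blocks(program)
    succ = build_cfg(blocks)
    preds = defaultdict(list)
    for b, targets in succ.items():
        for t in targets:
            preds[t].append(b)
    out_sets = [set() for _ in blocks]

    def in_set(i):
        return set().union(*(out_sets[p] for p in preds[i]))

    changed = True
    while changed:
        changed = False
        for i, block in enumerate(blocks):
            new_out, _ = transfer(block, in_set(i))
            if new_out != out_sets[i]:
                out_sets[i], changed = new_out, True
    findings = []
    for i, block in enumerate(blocks):
        findings.extend((i, var) for var in transfer(block, in_set(i))[1])
    return {
        "blocks": len(blocks),
        "entry": [i for i in succ if not preds[i] and succ[i]],   # only exit edges
        "exit": [i for i in succ if preds[i] and not succ[i]],    # only entry edges
        "findings": findings,                                     # (block, variable)
    }


# Constructed sample: one path uses the raw input, the other sanitizes it first.
PROGRAM = [
    ("source", "user_id"),
    ("assign", "query", "user_id"),
    ("jump_if", "is_admin", "safe"),
    ("sink", "query"),                  # flagged: unsanitized input reaches a sink
    ("jump", "end"),
    ("label", "safe"),
    ("sanitize", "clean", "user_id"),
    ("sink", "clean"),                  # not flagged: sanitized before use
    ("label", "end"),
    ("return",),
]

if __name__ == "__main__":
    print(analyze(PROGRAM))
```

The sample splits into four blocks; block 0 is the entry block (only outgoing edges) and block 3 the exit block (only incoming edges), and the only finding is the sink in block 1. The fixed-point loop is what makes this data-flow rather than a single linear pass: if the program contained a back edge, taint reaching the loop header on a later iteration would still be accounted for.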
* Limitations:
  * False positives: the tool reports a vulnerability that is not actually present.
  * False negatives: the tool misses a vulnerability that is present.
* Dynamic analysis: the main objective of dynamic analysis is finding security vulnerabilities or weak spots in a program while it is running. For mobile apps, the requests the app sends and the responses it receives are analysed, so the analysis is conducted against the backend services and APIs.
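As an added example of the request/response side of dynamic analysis (not from the original notes), the script below reviews a constructed capture of the kind a proxy would record while the app talks to its API, and flags three common backend weak spots: cleartext transport, sensitive values in the query string, and HTTPS responses without a `Strict-Transport-Security` header. The URLs, hostnames and header values are constructed, and the checks are illustrative rather than a complete tool.

```python
"""Review captured mobile-app traffic for backend weak spots.

Added example, not from the original notes. The records below are
constructed (the way a proxy would log them) and the checks are
illustrative, not a complete dynamic-analysis tool.
"""

# Constructed capture: one record per request/response exchange.
CAPTURE = [
    {"method": "GET",
     "url": "http://api.example.test/v1/login?user=alice&password=hunter2",
     "status": 200,
     "response_headers": {"Content-Type": "application/json"}},
    {"method": "GET",
     "url": "https://api.example.test/v1/profile/42",
     "status": 200,
     "response_headers": {"Content-Type": "application/json",
                          "Strict-Transport-Security": "max-age=31536000"}},
    {"method": "GET",
     "url": "https://api.example.test/v1/settings",
     "status": 200,
     "response_headers": {"Content-Type": "application/json"}},
]

# Query-string parameter names that should never carry their values in a URL
# (URLs end up in proxy, server and browser logs).
SENSITIVE_PARAMS = {"password", "token", "secret", "session"}


def review_exchange(ex):
    """Return the weak spots visible in one request/response exchange."""
    findings = []
    url = ex["url"]
    if url.startswith("http://"):
        findings.append("cleartext transport")
    query = url.partition("?")[2]
    params = {p.split("=", 1)[0].lower() for p in query.split("&") if p}
    leaked = sorted(params & SENSITIVE_PARAMS)
    if leaked:
        findings.append("sensitive data in query string: " + ", ".join(leaked))
    headers = {k.lower(): v for k, v in ex["response_headers"].items()}
    if url.startswith("https://") and "strict-transport-security" not in headers:
        findings.append("missing Strict-Transport-Security header")
    return findings


def review_capture(capture):
    """Map each URL to its findings, leaving out exchanges with none."""
    report = {}
    for ex in capture:
        findings = review_exchange(ex)
        if findings:
            report[ex["url"]] = findings
    return report


if __name__ == "__main__":
    for url, findings in review_capture(CAPTURE).items():
        print(url)
        for f in findings:
            print("  -", f)
```

Header names are compared case-insensitively because HTTP header names are case-insensitive and proxies normalise them differently; the login exchange is reported for two separate weak spots, while the profile exchange produces nothing.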