📄️ App Installation
There are multiple ways to get the target application installed properly on to the test device.
📄️ App Environment
There are two directories that make up a complete app installation; Bundle & Data. These two directories are located in different parts of the file system. There can be a third directory available in some cases. This is called the App Group Shared Data directory. This is an area where apps from the same development team can share data across multiple apps.
📄️ Decrypt App
iOS apps that are installed from the Apple App Store will be protected with Apple's Digital Rights Management (DRM) software called FairPlay. However, when the app launches, iOS will load it unencrypted into memory. So, defeating this is as simple as extracting the app from memory. Either of the two tools below will easily automate this for you.
📄️ iOS App Types
During the intelligence gathering phase, you will want to determine the type of app you are testing. This could be an app written in Objective-C, Swift, SwiftUI, or using Hybrid technologies. This information will be helpful in later sections when you are probing the app for vulnerabilities.
📄️ Minimum iOS Version
One of the keys in the Info.plist file is the ‘MinimumOSVersion’. The MinimumOSVersion is important because it defines the set of permissions and OS features that are supported in the app. If the latest version of iOS is 14, but the app you are testing has a minimum OS version of iOS 11, then the app is not taking advantage of the newer features and security updates.
📄️ App Permissions
iOS apps define their permissions in the Info.plist file that is included with the app. If an app attempts to use a permission that is not defined in this file, the app will crash.