Unlike Android, iOS apps can also leak sensitive information the way they are implemented.
A majority of the developers allow users to copy and paste data from different areas of the app. This can potentially include some confidential information since these features can be potentially exploited.
We will now hook the iGoat app to Cycript by running cycript –p PID
to look at what has been copied from the apps and see whether we are able to extract that information by running [UIPasteboard generalPasteboard].items
in Cycript, as shown in the following screenshot:
The preceding screenshot leaks the credit card number under public.utf8-plain-tex
t 4123456790456789
; this information can be anything, such as the social security number, e-mail ID, and so on.