Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Basics of iOS and application development

Apple's mobile version of OS X operating system, which is used on Apple computers, is iOS. The iOS operating system is used on a wide range of Apple devices, including iPhone, iPad, iPod, and so on. It is derived from OS X and Unix-based operating system. In the next chapter, when we will access the iOS operating system that is running on iDevice, you will find that iOS almost has the same environment as Unix-based OS, for example, the /etc directory, /home directory, and so on.


iDevices: All Apple devices running iOS are known as iDevices.

The iOS apps are mainly developed in Objective-C. Recently, Apple introduced one more language called Swift. There are still millions of apps in App Store that are developed in Objective-C. For the scope of this book, we will focus on native apps (developed in Objective-C) and hybrid apps (developed in Objective-C with web view).

There are two parts of iOS app penetration testing (pentesting). One is black box security testing where we don't have access to the source code of application and second is white box security testing, where the client provide access to the source code. Most companies are very reluctant to release their source code as it is some of their most sensitive intellectual property. In some cases, if you are a part of a product development team, you may get access to the application's source code.

It's not a must requirement to know the iOS app development for the pentesting process but it's good to have at least the basic knowledge of it. Knowing the iOS app development will make it easier to work when the client has shared their Xcode project for white box and black box pentesting. So, in this chapter, you will learn some basics of iOS app development by developing and deploying a simple Hello World application.

First things first, you will require Xcode to develop an iOS application and it will run only on a Mac machine.


If you are a beginner, it is good to start with the Basics of iOS and application development section. However, if you are a pro in iOS development, you may skip this section and directly jump to the iOS security model section. Note that we will just see the overview of development and not all the concepts related to app development as our focus is understanding application level security and not learning iOS app development.

We will explain all the hardware and software requirements for security assessment of iOS application in lab setup in depth. However, in order to develop and test the iOS application, you will require the following minimum hardware and software setup to start development with this section:

  • Hardware requirements:

    • Mac machine: You will require Mac machine that is running OS X Mavericks or later version

    • iDevice: iPhone 4s or later version that is running iOS 7.0 or later version

  • Software requirements:

    • Xcode 5.0 or later version