🔎 What is Static Analysis?

Static analysis is the process of analyzing the source code or compiled binaries of an iOS application without executing it. This technique is essential in identifying security flaws, sensitive data leaks, hardcoded credentials, and insecure configurations before runtime.

🎯 Why Perform Static Analysis?

🛠️ Step-by-Step iOS Static Analysis Workflow

Step 1: Obtain the iOS App

You'll need an .ipa file (iOS App Archive) of the target application.

  • From a jailbroken device: copy the app off the device via scp
  • From App Store: use tools like ipatool
  • From MDMs or test platforms (e.g., TestFlight)

Step 2: Unzip and Explore the Contents

Extract the IPA (which is a ZIP) to access the app bundle:

unzip target_app.ipa -d extracted_app/

Navigate to Payload/AppName.app to find:

  • Info.plist – configuration file
  • Binary executable (usually no extension)
  • Embedded provisioning profile

Step 3: Analyze the Info.plist

This file contains critical metadata and settings.

/usr/libexec/PlistBuddy -c "Print" Info.plist

Look for:

  • NSAppTransportSecurity (e.g., Allow Arbitrary Loads)
  • CFBundleURLTypes (registered custom URL schemes, which can be abused)
  • UIFileSharingEnabled (if true, local data may be exposed)
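
Steps 2 and 3 can be scripted for repeatable audits. The following is an added example, not code from the original page: it opens an IPA in memory, parses Info.plist with Python's plistlib, and flags the three settings listed above. The sample IPA, bundle identifier, domain and URL scheme are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

INFO_RE = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")  # main bundle only, not nested frameworks

def load_info_plist(ipa_bytes):
    """Return the parsed Info.plist from the main app bundle inside an IPA."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        names = [n for n in ipa.namelist() if INFO_RE.match(n)]
        if not names:
            raise ValueError("no Payload/<App>.app/Info.plist in archive")
        return plistlib.loads(ipa.read(names[0]))  # handles XML and binary plists

def audit_info_plist(info):
    """Flag the three Info.plist settings listed in Step 3."""
    findings = []
    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("ATS: NSAllowsArbitraryLoads is true (cleartext HTTP allowed)")
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"ATS: insecure HTTP exception for {domain}")
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            findings.append(f"URL scheme registered: {scheme}:// (review its handler)")
    if info.get("UIFileSharingEnabled") is True:
        findings.append("UIFileSharingEnabled is true (Documents directory is user-accessible)")
    return findings

def build_sample_ipa():
    """Constructed sample: a minimal IPA with a deliberately weak Info.plist."""
    info = {
        "CFBundleIdentifier": "com.example.demo",
        "NSAppTransportSecurity": {
            "NSAllowsArbitraryLoads": True,
            "NSExceptionDomains": {"api.example.com": {"NSExceptionAllowsInsecureHTTPLoads": True}},
        },
        "CFBundleURLTypes": [{"CFBundleURLSchemes": ["demoapp"]}],
        "UIFileSharingEnabled": True,
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
    return buf.getvalue()

if __name__ == "__main__":
    print("\n".join(audit_info_plist(load_info_plist(build_sample_ipa()))))
```

To audit a real archive, pass the file's bytes to load_info_plist, for example open("target_app.ipa", "rb").read().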

Step 4: Strings and Binary Review

Use strings or class-dump to analyze the binary:

strings AppName | grep -i "password\|api\|key"
class-dump AppName -H -o headers/

This helps uncover class definitions, method names, and potentially insecure logic.

Step 5: Reverse Engineering Tools

  • Ghidra – for decompiling and analyzing native code
  • Hopper / IDA Pro – interactive disassemblers
  • MobSF (Mobile Security Framework) – automated static analysis

Example MobSF command:

./run.sh

Then upload the IPA via the browser interface at http://localhost:8000.

🌍 Real-World Scenario

During the static analysis of a financial app:

💡 Pro Tips

🧰 Recommended Tools for iOS Static Analysis