Message | Description |
---|---|
Application Behaviors | Forensic data highlights a list of the potential behaviors that might have been observed while interacting with the application. A brief description of each behavior, potential use, and the applicable architecture (Mach-O slice) in which that behavior was detected are included. Analysis Type: Static |
ASL | Debug logs are designed to detect and correct application flaws. Apple System Logger (ASL) messages detected during dynamic analysis are presented as forensic data. These messages were written to specific locations on the disk (such as /etc/system.log) and can leak sensitive information that might allow an attacker to carry out a more powerful attack. Analysis Type: Dynamic |
Cert | Any certificates used by the application are displayed as forensic data, covering the type of key, number of bits, serial number, URL, and common name associated with each certificate. Analysis Type: Dynamic |
Entitlements | Entitlements confer specific capabilities or security permissions on an iOS application. Forensic data shows specific entitlements along with associated values. Analysis Type: Static |
GeoIP | Network communications are monitored as the application is running to locate where the application is sending its data. Analysis Type: Dynamic |
iOS Keychain | Highlights any activity where the app calls the iOS Keychain, indicating when keychain items were created, deleted, or queried. Analysis Type: Dynamic |
IPA Crypto Data Flows | CommonCrypto calls are analyzed to determine if any sensitive data is protected using symmetric encryption, hash-based message authentication codes, and digests. Analysis Type: Dynamic |
IPA Dynamic Log | Analysis Type: Dynamic |
IPA Metadata | Informational details about the compiled binary that were observed during dynamic analysis of the application. Example metadata includes the supported app versions, various flags set in the application, bundle information, identified behaviors, important libraries, and more. Many of these items are already being analyzed and separated out into their own individual checks and results. Analysis Type: Static |
IPA Network Data Flows | CFURLConnection requests are analyzed to determine if any sensitive data is transmitted over the network. Analysis Type: Dynamic |
IPA Sensitive Data Cert Validation | Related to the hostname verification issue, this check searches for sensitive data that can be intercepted over the network due to improper certificate validation and/or hostname verification. Sensitive data includes usernames, passwords, GPS coordinates, Wi-Fi MAC address, International Mobile Equipment Identity (IMEI), device serial number, and phone number. Analysis Type: Dynamic |
IPA Sensitive Data Flow | This test uses methods that proxy all TLS/SSL communications sent by the application. During this process, we search the traffic for sensitive search values, including username, password, GPS coordinates, Wi-Fi MAC address, International Mobile Equipment Identity (IMEI), serial number, and phone number. Analysis Type: Dynamic |
IPA Sensitive Data HTTP AdID | Traffic is analyzed to determine if the advertising ID (AdID) is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP (Custom Values) | Traffic is analyzed to determine if custom terms are insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Device Information | Traffic is analyzed to determine if device information is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Email | Traffic is analyzed to determine if any email addresses are insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP First Name | Traffic is analyzed to determine if the user’s first name is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP GPS Latitude | Traffic is analyzed to determine if the user’s GPS latitude coordinate is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP GPS Longitude | Traffic is analyzed to determine if the user’s GPS longitude coordinate is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP IDFV | Traffic is analyzed to determine if the Identifier for Vendors (IDFV) is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Last Name | Traffic is analyzed to determine if the user’s last name is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Local WiFi MAC | Traffic is analyzed to determine if the local Wi-Fi MAC address is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Password | Traffic is analyzed to determine if the user’s password is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Phone Number | Traffic is analyzed to determine if the user’s phone number is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Surrounding WiFi MAC | Traffic is analyzed to determine if the surrounding Wi-Fi MAC address is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP Username | Traffic is analyzed to determine if the username is insecurely transmitted over the network without encryption. Analysis Type: Dynamic |
IPA Sensitive Data HTTP ZIP Code | Traffic is analyzed to determine if any sensitive data is transmitted insecurely over the network without encryption. For this check, instances of the ZIP code were searched for across any intercepted traffic. Analysis Type: Dynamic |
IPA Sensitive Data Keychain (Custom Values) | iOS Keychain entries are monitored and searched for custom terms. Analysis Type: Dynamic |
IPA Sensitive Data Keychain Other | iOS Keychain entries are searched for values related to the instrumented test device (e.g., device ID, GPS coordinates, etc.). Analysis Type: Dynamic |
IPA Sensitive Data Keychain Password | iOS Keychain entries are monitored and searched for instances of the password. Analysis Type: Dynamic |
IPA Sensitive Data Keychain Username | iOS Keychain entries are monitored and searched for instances of the username. Analysis Type: Dynamic |
IPA Zip File in Transit Check | Detects whether ZIP files are being sent by the application in transit over HTTP. ZIP files can lead to a remote arbitrary file write, which could allow an attacker to achieve remote code execution. Analysis Type: Dynamic |
IPA Zip File in Transit Check Https | Determines if ZIP files are being sent by the application over HTTPS. ZIP files can lead to a remote arbitrary file write, which could allow an attacker to carry out a remote code execution attack. Analysis Type: Dynamic |
Leaked ASL Data AdID | ASL messages are analyzed for advertising ID (AdID) exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data (Custom Values) | ASL messages are analyzed for sensitive user or application data. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Email | ASL messages are analyzed for evidence of exposing the user’s email. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data First Name | ASL messages are analyzed for evidence of exposing the user’s first name. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data GPS Latitude | ASL messages are analyzed for exposure of the GPS latitude. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data GPS Longitude | ASL messages are analyzed for exposure of the GPS longitude. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data IDFV | ASL messages are analyzed for Identifier for Vendors (IDFV) exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Last Name | ASL messages are analyzed for user last name exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Local WiFi MAC | ASL messages are analyzed for local Wi-Fi MAC address exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Name | ASL messages are analyzed for exposure of the user’s name. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Password | ASL messages are analyzed for password exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Phone Number | ASL messages are analyzed for phone number exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Surrounding WiFi MAC | ASL messages are analyzed for surrounding Wi-Fi MAC address exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data Username | ASL messages are analyzed for username exposure. Debug logs, which are designed to detect and correct flaws in an application, can leak sensitive information that might help an attacker craft a more powerful attack. Analysis Type: Dynamic |
Leaked ASL Data ZIP Code | Debug logs are generally designed to be used to detect and correct flaws in an application. These logs can leak sensitive information that may help an attacker create a more powerful attack. In this test, ASL messages are analyzed for the existence of sensitive user or application data. Analysis Type: Dynamic |
Libraries ARC | This check examines the compiled binary for libraries that do not have Automatic Reference Counting (ARC) enabled. Analysis Type: Static |
Libraries SSP | This test checks if the individual components inside the compiled binary use stack canaries to prevent buffer overflows. Analysis Type: Static |
Local Auth Check | This check only applies to iOS apps that use Touch ID for authentication. It determines if your application is using an insecure implementation of the Local Authentication framework, which makes it possible to bypass the authentication process through runtime analysis or patching the binary. Analysis Type: Static |
SQLite | Any interaction with SQLite databases is monitored as the application is running to determine how the application interacts with its data. Analysis Type: Dynamic |
Uses HTTP | Network requests are evaluated for unencrypted (HTTP) connections. Any such detected endpoints are available in the forensic data. Analysis Type: Static |

- October 31, 2023: Tests version 2023.
- May 27, 2021: Published.