SlideShare ist ein Scribd-Unternehmen logo

Automation In Android & iOS Application Review

B
Blueinfy Solutions

This document discusses automation of mobile application security reviews by analyzing local storage on Android and iOS devices. It notes that most mobile app reviews find issues with sensitive information being stored locally, which is time-consuming to manually review. The document demonstrates tools like FSDroid for Android and iAppliScan for iOS that can automate monitoring of file system access and local storage to detect what information applications store. It provides examples of automating the detection of specific files, running external tools on stored files, and completely automating the local storage review process.

Technologie
1 von 49
Automation In Android & iOS Application Review
Who Am I? • Hemil Shah – hemil@blueinfy.net • Past experience – HBO, KPMG, IL&FS, Net Square • Interest – Application security research (Web & Mobile) • Published research – Articles / Papers – Packstroem, etc. – Tools – wsScanner, scanweb2.0, AppMap, AppCodeScan, AppPrint etc. hemil@blueinfy.net http://www.blueinfy.com hemil@blueinfy.net http://www.blueinfy.com
Mobile Apps
Gartner Statistics
Frequency of updates • Very High compare to Web Applications • Usually, 4-5 updates in a year for web applications or even less at times • Usually, 10-12 updates in mobile applications or even more in some cases • We all have accepted that application needs to be reviewed before going to production – DID WE???
Frequency of Updates Application Name   Number of Releases in iOS Number of Releases in Android Facebook 19 34 Twitter 22 25 Chase Bank 9 2 eBay 9 4 Amazon 10 3 Temple Run 2 12 10 FB Messenger 12 10 Whatsapp 4 154 skype 8 6
Mobile Attacks • So What attacks are we talking about? • Privacy becomes important along with the Security in mobile space • It is MOBILE so chances of loosing device or someone getting physical access to it is MUCH MUCH higher than the other devices
Mobile Top 10 - OWASP • Insecure Data Storage • Weak Server Side Controls • Insufficient Transport Layer Protection • Client Side Injection • Poor Authorization and Authentication • Improper Session Handling • Security Decisions Via Untrusted Inputs • Side Channel Data Leakage • Broken Cryptography • Sensitive Information Disclosure
Enterprise Mobile Cases
Banking Application • Scanning application for vulnerabilities • Typical banking running with middleware • Vulnerabilities – Mobile interface – Poor encoding to store SSN and PII  information locally – Very sensitive transaction information  stored locally – Profile manipulation (Logical and Hidden values) – Authentication submitted in GET request
E-commerce application Case • Typical application making server side calls • Server side scan with tools/products failedfailed • Security issues and hacks – Storage issues with PII information – SQLite hacks – SQL injection over XML – Ajax driven XSS – Several XSS with Blog component – Several information leaks through JSON fuzzing – CSRF on both XML and JSON
Large Telecom Application • Large Telecom company – Source code review was done – Application is distributed running in browser, PDA and Mobile phones – Payment system was involved – Vulnerable • Keys/session stored in keychain file • Screenshot revealing sensitive information  • Default OS Behavior leaking information • Presentation layer (XSS and CSRF)
Postmortem • One pattern in all the reviews are SOME  INFORMATION WAS STORED  LOCALLY • More than 99% of the application review has the LOCAL STORAGE issue • Fair to say LOCAL STORAGE has been the biggest issue on the Mobile front
Local Storage • Why application needs to store data – Ease of use for the user – Popularity – Competition – Activity with single click – Decrease Transaction time – Post/Get information to/from Social Sites
Local Storage • How does attacker can gain access – Either in same Wifi – Default password after jail breaking (alpine) – ADB over wifi/3G/4G – Physical Theft – Temporary access to device
Local Storage • What information we usually find – Authentication Credentials – Authorization tokens – Financial Statements – Credit card numbers – Owner’s Information – Physical Address, Name, Phone number – Social Engineering Sites profile/habbits – All the request/response to the server including login request
Type of Media • XML File • Text File • Database File (db file) • Images • WebView Control or cache files • Logs
Android – Local Storage
Type of Storage supported • Android OS supports three type of storage – Internal Storage – As part of the application directory, typically under /data/data/PACKAGENAME directory – External Storage – Storage in any external storage i.e. SDCard – Storage in Shared preferences – Storage under shared_prefs directory, Information CAN be accessed by other applications if ALLOWED
How to test • Very hard to test – REALLY??? • Very time consuming as one needs to go through each file under all directory of the application • At times, one need to review files more than once to actually find out what has been stored before login, after login and after logoff
Demo - How to test
Manual Review • Looking for information in local storage manually is really – – Time Consuming – Tedious – Prone to be false negatives (how accurately you can check files more than once in an hour and file formats are different)
Automation • Can we automate it? • Is it possible to know what files/directories my application have accessed when I open it or performed any particular functionality??? • Can I monitor file system as I can do it on windows box or one can monitor network traffic???
FSDroid • Leverages SDK Class – No hacks in here!!! • FSDroid can – – Monitor file system – Can write filter to monitor particular directory – Can save last 5 reports for future use – Does not need mobile device – can run on Emulator smoothly – Easy to run (As easy as giving directory name and pressing start button)
FSDroid - Demo
Android – Interesting Locations
System Information Detail Location Applications /data/data/(package name) Etc /system/etc/ Provisioning Profile /system/etc/security/cacerts.bks Wifi Settings /system/etc/wifi GPS configuration file /system/etc/gps.conf /system/etc/gpsconfig.xml Host file (DNS entries) /system/etc/hosts Device information, Firmware Information, Manufacturer information /system/build.prop Framework files /system/framework Bin directory /system/bin Apk files of installed applications /system/app Tmp /private/var/tmp
Application Information Detail Location Address Book / data/data/com.android.providers.contacts/databases/contacts 2.db User Dictionary / data/data/com.android.providers.userdictionary/databases/user _dict.db Google Map History Information / data/data/com.google.android.apps.maps/databases/search_his tory.db Calendar /data/data/com.android.providers.calendar/databases Photos /sdcard/dcim/Camera
Default Services Information Detail Location SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) / data/data/com.android.providers.telephony/databases/mmssms.d b System provided applications, ringtons and wallpapers /system/media
User Installed Application Detail Location Application permissions, Certificate, Package Name /data/system.packages.xml Installed Applications /data/data/ Application Directory /data/data/(package name) Applications documents i.e. images, PDF, text files /data/data/(package name)/files Application Preferences /data/data/(package name)/shared_prefs Application temporary storage /data/data/(package name)/files
Browser information Detail Location Browser Cookie /data/data/com.android.browser/webview.db Browser favorites (Book marks) /data/data/com.android.browser/browser.db Browser History /data/data/com.android.browser/history.db Browser Settings /data/data/com.android.browser/shared_prefs Browser Cache /data/data/com.android.browser/app_databases
iOS – Local Storage
Type of Storage supported • iOS supports two types of storage – Internal Storage – As part of the application directory, typically under / “/private/var/mobile/Applications/<GUID>" directory – Information can be in PLIST file, binary cookie file or cached – Keychain file – an encrypted file shared between all the applications but have permission model like /etc/shadow
How to test • Nothing new than android • Go through each file and directory multiple times. • Can this be easy???
Demo – Manual Testing
Automation with iAppliScan • Can we automate it? - YES • Using iAppliScan • Requires JailBroken Device and SSH access to it
Demo – Sensitive Information
Demo – Does file exist
Demo – Download file for further analysis
Demo – Run External Binaries
Demo – Complete automation
Where To Get Tools http://blueinfy.com/ •FSDroid •iAppliScan •Other Available Tools – DumpDroid – CheckDebugable – AppCodeScan Mobile Rules
iOS – Interesting Locations
System Information Detail Location Applications /var/stash/Applications Etc /private/etc Var /private/var User /var/mobile Provisioning Profile /var/mobileDevice/ProvisioningProfiles Logs /var/log, /var/logs /var/mobile/Library/Logs Network Settings / var/preferences/SystemConfiguration/com.apple.network.identif ication.plist Wifi Settings /var/preferences/SystemConfiguration/com.apple.wifi.plist /var/preferences/SystemConfiguration/preferences.plist Apple ID, Owner information and Firmware Information /root/Library/Lockdown/data_ark.plist Keychain /var/Keychains KeyBoard Cache /User/Library/Keyboard/dynamic-text.dat Tmp /private/var/tmp
Application Information Detail Location Address Book /var/mobile/Library/AddressBook/AddressBook.sqlitedb /var/mobile/Library/AddressBook/ AddressBookImages.sqlitedb Last searched Google maps /var/mobile/Library/Caches/MapTiles/MapTiles.sqlitedb Google Map History Information /var/mobile/Library/Maps/History.plist /var/mobile/Library/Maps/Directions.plist Calendar /var/mobile/Library/Calendar/Calendar.sqlitedb Data under notes application /var/mobile/Library/Notes/notes.sqlite Configuration file for Applications /var/mobile/Library/Preferences Photos /var/mobile/Media/DCIM/ Application Pictures when HOME button is pressed (Each application has its own directory - Default applications) /User/Library/Caches/Snapshots
Default Services Information Detail Location Call History (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/Callhistory/call_history.db SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/SMS/sms.db Voicemail /var/mobile/Library/Voicemail/voicemail.db Voice mail recording /var/mobile/Library/Voicemail/ System provided applications, ringtons and wallpapers /var/stash Call History /var/wireless/Library/CallHistory Call Log /var/wireless/Library/logs Call Preferences /var/wireless/Library/Preferences
User Installed Application Detail Location Installed Applications /User/Applications or /private/var/mobile/Applications Application Directory (Binary, supporting files /User/Applications/<app GUID>/<appname.app> or /private/var/mobile/Applications/<app GUID>/<appname.app> Applications documents i.e. images, PDF, text files /User/Applications/<app GUID>/Documents Application cookies /User/Applications/<app GUID>/Library/Cookies/Cookies.binarycookies Application Preferences (plist files) /User/Applications/<app GUID>/Library/Preferences Application temporary storage /User/Applications/<app GUID>/tmp Application crash report /User/Library/Logs/CrashReporter Application Screens when pressed HOME button /User/Applications/<app GUID>/Library/Caches/Snapshots
Browser information Detail Location Browser Cookie /var/mobile/Library/Cookies/Cookies.binarycookies Browser favorites (Book marks) /var/mobile/Library/Safari/Bookmarks.db Browser History /var/mobile/Library/Safari/History.plist Browser Settings /var/mobile/Library/Preferences/com.apple.mobilesafari.plist Browser Cache /User/Library/Caches/com.apple.WebAppCache/ApplicationCache.db
Conclusion – Questions?

Empfohlen

Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
Android secure coding
Android secure codingAndroid secure coding
Android secure coding
Blueinfy Solutions
 
Android attacks
Android attacksAndroid attacks
Android attacks
Blueinfy Solutions
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
Blueinfy Solutions
 
Mobile Application Scan and Testing
Mobile Application Scan and TestingMobile Application Scan and Testing
Mobile Application Scan and Testing
Blueinfy Solutions
 
iOS Application Security Testing
iOS Application Security TestingiOS Application Security Testing
iOS Application Security Testing
Blueinfy Solutions
 
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationApplciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumeration
Blueinfy Solutions
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and Security
Blueinfy Solutions
 

Empfohlen

Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
Android secure coding
Android secure codingAndroid secure coding
Android secure coding
Blueinfy Solutions
 
Android attacks
Android attacksAndroid attacks
Android attacks
Blueinfy Solutions
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
Blueinfy Solutions
 
Mobile Application Scan and Testing
Mobile Application Scan and TestingMobile Application Scan and Testing
Mobile Application Scan and Testing
Blueinfy Solutions
 
iOS Application Security Testing
iOS Application Security TestingiOS Application Security Testing
iOS Application Security Testing
Blueinfy Solutions
 
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationApplciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumeration
Blueinfy Solutions
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and Security
Blueinfy Solutions
 
Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobile
Blueinfy Solutions
 
Advanced applications-architecture-threats
Advanced applications-architecture-threatsAdvanced applications-architecture-threats
Advanced applications-architecture-threats
Blueinfy Solutions
 
Application fuzzing
Application fuzzingApplication fuzzing
Application fuzzing
Blueinfy Solutions
 
Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...
owaspindia
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
Sam Bowne
 
The curious case of mobile app security.pptx
The curious case of mobile app security.pptxThe curious case of mobile app security.pptx
The curious case of mobile app security.pptx
Ankit Giri
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applications
Satish b
 
Using & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack SurfaceUsing & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack Surface
CA API Management
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
Shreeraj Shah
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applications
Karan Nagrecha
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
Shreeraj Shah
 
Api security
Api security Api security
Api security
teodorcotruta
 
Hacking mobile apps
Hacking mobile appsHacking mobile apps
Hacking mobile apps
kunwaratul hax0r
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
CA API Management
 
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
Sam Bowne
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2
Sam Bowne
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
Sam Bowne
 
CNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the ApplicationCNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the Application
Sam Bowne
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
Blueinfy Solutions
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
bhumika2108
 
Island Man
Island ManIsland Man
Island Man
bayhouseenglish
 
KatieLutzRezyTops
KatieLutzRezyTopsKatieLutzRezyTops
KatieLutzRezyTops
Katie Lutz
 

Weitere ähnliche Inhalte

Was ist angesagt?

Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applications
Satish b
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
Shreeraj Shah
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
Shreeraj Shah
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
CA API Management
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
bhumika2108
 

Was ist angesagt? (20)

Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobile
 
Advanced applications-architecture-threats
Advanced applications-architecture-threatsAdvanced applications-architecture-threats
Advanced applications-architecture-threats
 
Application fuzzing
Application fuzzingApplication fuzzing
Application fuzzing
 
Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
 
The curious case of mobile app security.pptx
The curious case of mobile app security.pptxThe curious case of mobile app security.pptx
The curious case of mobile app security.pptx
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applications
 
Using & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack SurfaceUsing & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack Surface
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applications
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
 
Api security
Api security Api security
Api security
 
Hacking mobile apps
Hacking mobile appsHacking mobile apps
Hacking mobile apps
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
 
CNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the ApplicationCNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the Application
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
 

Andere mochten auch

KatieLutzRezyTops
KatieLutzRezyTopsKatieLutzRezyTops
KatieLutzRezyTops
Katie Lutz
 
Assignment principles of exporting afghanistan (talha n atta)
Assignment principles of exporting afghanistan (talha n atta)Assignment principles of exporting afghanistan (talha n atta)
Assignment principles of exporting afghanistan (talha n atta)
dialme4
 
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
José Luis Contreras Muñoz
 
DevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan KapsDevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
Stephan Kaps
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Shreeraj Shah
 
Optimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFixOptimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFix
Denim Group
 
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
Sylvain Kubicki
 

Andere mochten auch (17)

Island Man
Island ManIsland Man
Island Man
 
KatieLutzRezyTops
KatieLutzRezyTopsKatieLutzRezyTops
KatieLutzRezyTops
 
Geraldine O Reilly Under the Cover of Trees At The Doorway Gallery
Geraldine O Reilly Under the Cover of Trees At The Doorway GalleryGeraldine O Reilly Under the Cover of Trees At The Doorway Gallery
Geraldine O Reilly Under the Cover of Trees At The Doorway Gallery
 
iWelcome case study: PostNL - Identity in the heart of transition to the cloud
iWelcome case study: PostNL - Identity in the heart of transition to the cloudiWelcome case study: PostNL - Identity in the heart of transition to the cloud
iWelcome case study: PostNL - Identity in the heart of transition to the cloud
 
New base 989 special 19 january 2017 energy news
New base 989 special 19 january 2017 energy newsNew base 989 special 19 january 2017 energy news
New base 989 special 19 january 2017 energy news
 
Udl 523
Udl 523Udl 523
Udl 523
 
Los paises americanos美洲国家
Los paises americanos美洲国家Los paises americanos美洲国家
Los paises americanos美洲国家
 
Food images
Food imagesFood images
Food images
 
Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...
Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...
Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...
 
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
 
Assignment principles of exporting afghanistan (talha n atta)
Assignment principles of exporting afghanistan (talha n atta)Assignment principles of exporting afghanistan (talha n atta)
Assignment principles of exporting afghanistan (talha n atta)
 
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
 
California History Social Science Frameworks
California History Social Science FrameworksCalifornia History Social Science Frameworks
California History Social Science Frameworks
 
DevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan KapsDevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
 
Optimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFixOptimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFix
 
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
 

Ähnlich wie Automation In Android & iOS Application Review

Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 Apps
Jorge Orchilles
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012
Tjylen Veselyj
 
Metadata - What is Unseen
Metadata - What is UnseenMetadata - What is Unseen
Metadata - What is Unseen
Edith Cowan University
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
JongWon Kim
 

Ähnlich wie Automation In Android & iOS Application Review (20)

Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applications
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 Apps
 
Hacker Halted 2014 - EMM Limits & Solutions
Hacker Halted 2014 - EMM Limits & SolutionsHacker Halted 2014 - EMM Limits & Solutions
Hacker Halted 2014 - EMM Limits & Solutions
 
Sql securitytesting
Sql securitytestingSql securitytesting
Sql securitytesting
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs Security
 
128-ch4.pptx
128-ch4.pptx128-ch4.pptx
128-ch4.pptx
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: Android
 
Mobile Browser Content Handling
Mobile Browser Content HandlingMobile Browser Content Handling
Mobile Browser Content Handling
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Google android os
Google android osGoogle android os
Google android os
 
Metadata - What is Unseen
Metadata - What is UnseenMetadata - What is Unseen
Metadata - What is Unseen
 
Building Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed AgileBuilding Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed Agile
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
Application security in current era
Application security in current eraApplication security in current era
Application security in current era
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile Enterprise
 
Cloudlytics - Analyze S3 & CloudFront Logs
Cloudlytics - Analyze S3 & CloudFront LogsCloudlytics - Analyze S3 & CloudFront Logs
Cloudlytics - Analyze S3 & CloudFront Logs
 
Securing Android
Securing AndroidSecuring Android
Securing Android
 

Mehr von Blueinfy Solutions

Mehr von Blueinfy Solutions (9)

Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SAST
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
XSS - Attacks & Defense
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & Defense
 
Defending against Injections
Defending against InjectionsDefending against Injections
Defending against Injections
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal Injection
 
Blind SQL Injection
Blind SQL InjectionBlind SQL Injection
Blind SQL Injection
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basics
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approach
 
HTTP protocol and Streams Security
HTTP protocol and Streams SecurityHTTP protocol and Streams Security
HTTP protocol and Streams Security
 

Kürzlich hochgeladen

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Kürzlich hochgeladen (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Automation In Android & iOS Application Review

  • 1. Automation In Android & iOS Application Review
  • 2. Who Am I? • Hemil Shah – hemil@blueinfy.net • Past experience – HBO, KPMG, IL&FS, Net Square • Interest – Application security research (Web & Mobile) • Published research – Articles / Papers – Packstroem, etc. – Tools – wsScanner, scanweb2.0, AppMap, AppCodeScan, AppPrint etc. hemil@blueinfy.net http://www.blueinfy.com hemil@blueinfy.net http://www.blueinfy.com
  • 5. Frequency of updates • Very High compare to Web Applications • Usually, 4-5 updates in a year for web applications or even less at times • Usually, 10-12 updates in mobile applications or even more in some cases • We all have accepted that application needs to be reviewed before going to production – DID WE???
  • 6. Frequency of Updates Application Name   Number of Releases in iOS Number of Releases in Android Facebook 19 34 Twitter 22 25 Chase Bank 9 2 eBay 9 4 Amazon 10 3 Temple Run 2 12 10 FB Messenger 12 10 Whatsapp 4 154 skype 8 6
  • 7. Mobile Attacks • So What attacks are we talking about? • Privacy becomes important along with the Security in mobile space • It is MOBILE so chances of loosing device or someone getting physical access to it is MUCH MUCH higher than the other devices
  • 8. Mobile Top 10 - OWASP • Insecure Data Storage • Weak Server Side Controls • Insufficient Transport Layer Protection • Client Side Injection • Poor Authorization and Authentication • Improper Session Handling • Security Decisions Via Untrusted Inputs • Side Channel Data Leakage • Broken Cryptography • Sensitive Information Disclosure
  • 10. Banking Application • Scanning application for vulnerabilities • Typical banking running with middleware • Vulnerabilities – Mobile interface – Poor encoding to store SSN and PII  information locally – Very sensitive transaction information  stored locally – Profile manipulation (Logical and Hidden values) – Authentication submitted in GET request
  • 11. E-commerce application Case • Typical application making server side calls • Server side scan with tools/products failedfailed • Security issues and hacks – Storage issues with PII information – SQLite hacks – SQL injection over XML – Ajax driven XSS – Several XSS with Blog component – Several information leaks through JSON fuzzing – CSRF on both XML and JSON
  • 12. Large Telecom Application • Large Telecom company – Source code review was done – Application is distributed running in browser, PDA and Mobile phones – Payment system was involved – Vulnerable • Keys/session stored in keychain file • Screenshot revealing sensitive information  • Default OS Behavior leaking information • Presentation layer (XSS and CSRF)
  • 13. Postmortem • One pattern in all the reviews are SOME  INFORMATION WAS STORED  LOCALLY • More than 99% of the application review has the LOCAL STORAGE issue • Fair to say LOCAL STORAGE has been the biggest issue on the Mobile front
  • 14. Local Storage • Why application needs to store data – Ease of use for the user – Popularity – Competition – Activity with single click – Decrease Transaction time – Post/Get information to/from Social Sites
  • 15. Local Storage • How does attacker can gain access – Either in same Wifi – Default password after jail breaking (alpine) – ADB over wifi/3G/4G – Physical Theft – Temporary access to device
  • 16. Local Storage • What information we usually find – Authentication Credentials – Authorization tokens – Financial Statements – Credit card numbers – Owner’s Information – Physical Address, Name, Phone number – Social Engineering Sites profile/habbits – All the request/response to the server including login request
  • 17. Type of Media • XML File • Text File • Database File (db file) • Images • WebView Control or cache files • Logs
  • 18. Android – Local Storage
  • 19. Type of Storage supported • Android OS supports three type of storage – Internal Storage – As part of the application directory, typically under /data/data/PACKAGENAME directory – External Storage – Storage in any external storage i.e. SDCard – Storage in Shared preferences – Storage under shared_prefs directory, Information CAN be accessed by other applications if ALLOWED
  • 20. How to test • Very hard to test – REALLY??? • Very time consuming as one needs to go through each file under all directory of the application • At times, one need to review files more than once to actually find out what has been stored before login, after login and after logoff
  • 21. Demo - How to test
  • 22. Manual Review • Looking for information in local storage manually is really – – Time Consuming – Tedious – Prone to be false negatives (how accurately you can check files more than once in an hour and file formats are different)
  • 23. Automation • Can we automate it? • Is it possible to know what files/directories my application have accessed when I open it or performed any particular functionality??? • Can I monitor file system as I can do it on windows box or one can monitor network traffic???
  • 24. FSDroid • Leverages SDK Class – No hacks in here!!! • FSDroid can – – Monitor file system – Can write filter to monitor particular directory – Can save last 5 reports for future use – Does not need mobile device – can run on Emulator smoothly – Easy to run (As easy as giving directory name and pressing start button)
  • 27. System Information Detail Location Applications /data/data/(package name) Etc /system/etc/ Provisioning Profile /system/etc/security/cacerts.bks Wifi Settings /system/etc/wifi GPS configuration file /system/etc/gps.conf /system/etc/gpsconfig.xml Host file (DNS entries) /system/etc/hosts Device information, Firmware Information, Manufacturer information /system/build.prop Framework files /system/framework Bin directory /system/bin Apk files of installed applications /system/app Tmp /private/var/tmp
  • 28. Application Information Detail Location Address Book / data/data/com.android.providers.contacts/databases/contacts 2.db User Dictionary / data/data/com.android.providers.userdictionary/databases/user _dict.db Google Map History Information / data/data/com.google.android.apps.maps/databases/search_his tory.db Calendar /data/data/com.android.providers.calendar/databases Photos /sdcard/dcim/Camera
  • 29. Default Services Information Detail Location SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) / data/data/com.android.providers.telephony/databases/mmssms.d b System provided applications, ringtons and wallpapers /system/media
  • 30. User Installed Application Detail Location Application permissions, Certificate, Package Name /data/system.packages.xml Installed Applications /data/data/ Application Directory /data/data/(package name) Applications documents i.e. images, PDF, text files /data/data/(package name)/files Application Preferences /data/data/(package name)/shared_prefs Application temporary storage /data/data/(package name)/files
  • 31. Browser information Detail Location Browser Cookie /data/data/com.android.browser/webview.db Browser favorites (Book marks) /data/data/com.android.browser/browser.db Browser History /data/data/com.android.browser/history.db Browser Settings /data/data/com.android.browser/shared_prefs Browser Cache /data/data/com.android.browser/app_databases
  • 32. iOS – Local Storage
  • 33. Type of Storage supported • iOS supports two types of storage – Internal Storage – As part of the application directory, typically under / “/private/var/mobile/Applications/<GUID>" directory – Information can be in PLIST file, binary cookie file or cached – Keychain file – an encrypted file shared between all the applications but have permission model like /etc/shadow
  • 34. How to test • Nothing new than android • Go through each file and directory multiple times. • Can this be easy???
  • 35. Demo – Manual Testing
  • 36. Automation with iAppliScan • Can we automate it? - YES • Using iAppliScan • Requires JailBroken Device and SSH access to it
  • 37. Demo – Sensitive Information
  • 38. Demo – Does file exist
  • 39. Demo – Download file for further analysis
  • 40. Demo – Run External Binaries
  • 41. Demo – Complete automation
  • 42. Where To Get Tools http://blueinfy.com/ •FSDroid •iAppliScan •Other Available Tools – DumpDroid – CheckDebugable – AppCodeScan Mobile Rules
  • 43. iOS – Interesting Locations
  • 44. System Information Detail Location Applications /var/stash/Applications Etc /private/etc Var /private/var User /var/mobile Provisioning Profile /var/mobileDevice/ProvisioningProfiles Logs /var/log, /var/logs /var/mobile/Library/Logs Network Settings / var/preferences/SystemConfiguration/com.apple.network.identif ication.plist Wifi Settings /var/preferences/SystemConfiguration/com.apple.wifi.plist /var/preferences/SystemConfiguration/preferences.plist Apple ID, Owner information and Firmware Information /root/Library/Lockdown/data_ark.plist Keychain /var/Keychains KeyBoard Cache /User/Library/Keyboard/dynamic-text.dat Tmp /private/var/tmp
  • 45. Application Information Detail Location Address Book /var/mobile/Library/AddressBook/AddressBook.sqlitedb /var/mobile/Library/AddressBook/ AddressBookImages.sqlitedb Last searched Google maps /var/mobile/Library/Caches/MapTiles/MapTiles.sqlitedb Google Map History Information /var/mobile/Library/Maps/History.plist /var/mobile/Library/Maps/Directions.plist Calendar /var/mobile/Library/Calendar/Calendar.sqlitedb Data under notes application /var/mobile/Library/Notes/notes.sqlite Configuration file for Applications /var/mobile/Library/Preferences Photos /var/mobile/Media/DCIM/ Application Pictures when HOME button is pressed (Each application has its own directory - Default applications) /User/Library/Caches/Snapshots
  • 46. Default Services Information Detail Location Call History (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/Callhistory/call_history.db SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/SMS/sms.db Voicemail /var/mobile/Library/Voicemail/voicemail.db Voice mail recording /var/mobile/Library/Voicemail/ System provided applications, ringtons and wallpapers /var/stash Call History /var/wireless/Library/CallHistory Call Log /var/wireless/Library/logs Call Preferences /var/wireless/Library/Preferences
  • 47. User Installed Application Detail Location Installed Applications /User/Applications or /private/var/mobile/Applications Application Directory (Binary, supporting files /User/Applications/<app GUID>/<appname.app> or /private/var/mobile/Applications/<app GUID>/<appname.app> Applications documents i.e. images, PDF, text files /User/Applications/<app GUID>/Documents Application cookies /User/Applications/<app GUID>/Library/Cookies/Cookies.binarycookies Application Preferences (plist files) /User/Applications/<app GUID>/Library/Preferences Application temporary storage /User/Applications/<app GUID>/tmp Application crash report /User/Library/Logs/CrashReporter Application Screens when pressed HOME button /User/Applications/<app GUID>/Library/Caches/Snapshots
  • 48. Browser information Detail Location Browser Cookie /var/mobile/Library/Cookies/Cookies.binarycookies Browser favorites (Book marks) /var/mobile/Library/Safari/Bookmarks.db Browser History /var/mobile/Library/Safari/History.plist Browser Settings /var/mobile/Library/Preferences/com.apple.mobilesafari.plist Browser Cache /User/Library/Caches/com.apple.WebAppCache/ApplicationCache.db