MAD-IOS: Dynamic App Vulnerability Analysis in Non-jailbroken Devices

Mobile apps are pervasive in our life supporting us from simple actions, such as photo sharing, to more important ones, such as banking transactions. Security around these operations and data is crucial, making app vulnerability analysis and code review fundamental. Android and iOS split the mobile market share each other. However, while the first can rely on many analysis tools, for iOS it is not the same. Not only there is erroneously the idea about the immunity of iOS from malware and bad coding, but also it is challenging to jailbreak iOS devices. In this paper, we present MAD-IOS, a novel framework for dynamic iOS app vulnerability analysis that does not rely on jailbreaking techniques, making it possible to work also for non-jailbroken devices. Exploiting dynamic analysis and without breaking iOS security model, it is possible to embrace iOS-based devices audience as wide as possible and to provide a security assessment through a normal use of the app.