Poster: Automated, Context-Sensitive Analysis of iOS Applications

Dennis Tatang

1st IEEE European Symposium on Security and Privacy (Euro S&P 2016), Saarbrücken, Germany


Abstract

The security of mobile phones and the surrounding ecosystem has attracted a lot of research in the last years. While lots of work has been performed for the Android platform, the security of iOS apps has yet not been explored as much. In this paper, we present an automated analysis method for iOS applications with a focus on code coverage. More specifically, we introduce an analysis method that enables a context-sensitive analysis of input fields in order to bypass registration forms and similar user interface elements with the goal of covering more code paths. For this purpose, static and dynamic program analysis methods are used to automatically detect and handle such UI elements. We built a prototype of the proposed method based on the analysis platform DiOS [1]. Our preliminary results based on an analysis of 25 apps from the official Apple App Store suggest that our approach enables on average a 16% increase in code coverage.

tags: iOS