Mobile Application Penetration Testing

The iOS application structure

Now that we have understood the iOS security model and its permissions, we will see how the compiled application code, resources, and application metadata that make up a complete application are zipped, signed with the developer's certificate, and finally issued as an iOS App Store package (iPA). The structure of an iOS application is typically as shown in this diagram:

When an iPA file is opened with archiving software such as 7-Zip or WinRAR, you can see the following:

  • Payload: This folder contains all the application data
    • Application.app: This folder contains all the following along with static images and other resources
      • App binary: This is the binary executable
      • Bundle Resources: All the resources required by the app binary are stored here
      • Embedded.mobileprovision: This file is the original provisioning file packaged with the application, and it helps the developers re-sign an iOS application without requiring Xcode
      • CodeSignature: This is responsible for verifying that every single byte within the .app file is exactly the same as when the application was signed by the developer
  • iTunesArtwork: This is an optional file, which is used by iTunes Connect when displaying your app's logo in the Store
  • iTunesMetadata.plist: Contains the relevant application metadata, including details such as the developer's name, bundle identifier, and copyright information
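
The layout listed above can be inventoried without unpacking the archive to disk. The following Python sketch is an added example, not code from the book: it treats the iPA as a zip file, locates the single `Payload/<Name>.app/` bundle, reads the bundle's `Info.plist` (a file not covered in the list above) to find the app binary via `CFBundleExecutable`, and reports which of the listed components are present. The on-disk names `embedded.mobileprovision` and `_CodeSignature/CodeResources` are the usual ones in real packages; `Demo.app`, `com.example.demo`, and all file contents are constructed placeholders.

```python
import io
import plistlib
import zipfile


def inventory_ipa(data: bytes) -> dict:
    """Map the components of an iPA (a zip archive) to their paths inside it."""
    with zipfile.ZipFile(io.BytesIO(data)) as ipa:
        names = set(ipa.namelist())
        # The application bundle is the single Payload/<Name>.app/ directory.
        bundles = {"/".join(n.split("/")[:2]) + "/" for n in names
                   if n.startswith("Payload/") and n.split("/")[1].endswith(".app")}
        if len(bundles) != 1:
            raise ValueError(f"expected one .app bundle, found {len(bundles)}")
        app = bundles.pop()
        # plistlib.loads() accepts both XML and binary property lists.
        info = plistlib.loads(ipa.read(app + "Info.plist"))
    def present(path):
        return path if path in names else None  # None marks a missing component
    binary = app + info["CFBundleExecutable"]
    skip = {binary, app + "embedded.mobileprovision"}
    return {
        "bundle": app,
        "bundle_id": info.get("CFBundleIdentifier"),
        "binary": present(binary),
        "provisioning_profile": present(app + "embedded.mobileprovision"),
        "code_signature": present(app + "_CodeSignature/CodeResources"),
        "artwork": present("iTunesArtwork"),
        "metadata": present("iTunesMetadata.plist"),
        "resources": sorted(n for n in names if n.startswith(app) and not n.endswith("/")
                            and n not in skip and "_CodeSignature/" not in n),
    }


def build_sample_ipa() -> bytes:
    """Constructed sample archive with placeholder contents (not a real app)."""
    app = "Payload/Demo.app/"
    info = {"CFBundleExecutable": "Demo", "CFBundleIdentifier": "com.example.demo"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(app + "Info.plist", plistlib.dumps(info))
        z.writestr(app + "Demo", b"placeholder binary")
        z.writestr(app + "icon.png", b"placeholder image")
        z.writestr(app + "embedded.mobileprovision", b"placeholder profile")
        z.writestr(app + "_CodeSignature/CodeResources", plistlib.dumps({"files": {}}))
        z.writestr("iTunesMetadata.plist", plistlib.dumps({"note": "constructed"}))
    return buf.getvalue()


if __name__ == "__main__":
    print(inventory_ipa(build_sample_ipa()))
```

A `None` value means the component is absent from the archive, as with the optional iTunesArtwork file in the sample.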