hacktricks/ios-pentesting/ios-pentesting-checklist.md

iOS Pentesting Checklist

Data Storage

• Plist files can be used to store sensitive information.
• ****Core Data SQLite database can store sensitive information.
• ****YapDatabases SQLite database can store sensitive information.
• ****Firebase miss-configuration.
• ****Realm databases can store sensitive information.
• ****Couchbase Lite databases can store sensitive information.
• ****Binary cookies can store sensitive information
• ****Cache data can store sensitive information
• ****Automatic snapshots can save visual sensitive information
• ****Keychain is usually used to store sensitive information that can be left when reselling the phone.
• In summary, just check for sensitive information saved by the application in the filesystem

Keyboards

• Does the application allow to use custom keyboards?
• Check if sensitive information is saved in the keyboards cache files****

Logs

• Check if sensitive information is being logged****

Clipboard

• If using the keyboard the application should use private clipboards
• Is the app using the info from the global clipboard for anything?
• Does the app allow to copy sensitive information to the clipboard?

Backups

• ****Backups can be used to access the sensitive information saved in the file system check the initial point of this checklist
• Also, backups can be used to modify some configurations of the application, then restore the backup on the phone, and the as the modified configuration is loaded some security functionality may be bypassed

Applications Memory

• Check for sensitive information inside the application's memory****

Local Authentication

• If a local authentication is used in the application, you should check how the authentication is working.
  • If it's using the Local Authentication Framework it could be easily bypassed
  • If it's using a function that can dynamically bypassed you could create a custom frida script