TUM Logo

Integration of User Interaction into the Analysis of iOS Applications

Integration of User Interaction into the Analysis of iOS Applications

Supervisor(s): Alexander Küchler
Status: finished
Topic: Others
Author: Emir Besic
Submission: 2021-01-15
Type of Thesis: Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

With basically everyone in the world storing a lot of personal information in various apps on their mobile device and security breaches becoming more common by the day, the topic of security has become very important. With so many breaches happening and so many flaws being found every day, it is very difficult for developers to keep up. Hence, it is possible that many of the apps on the market are filled with security issues. This is a huge problem, especially for apps that are working with sensitive data. Hackers can cause unimaginable amounts of damage if they find and abuse a vulnerability in such an app.

Since it is safe to assume that there exist apps with vulnerabilities on the market, how do they go about solving this issue? The first step would be to identify the issues before they are misused. Afterwards they need to patch them as fast as possible. We will focus on the first step, the identification of vulnerabilities. Specifically, we will limit ourselves to the identification of vulnerabilities in iOS Applications, as it is the second most popular mobile OS in the world .

There are existing tools for identifying vulnerabilities by creating a Control Flow Graph of the application. They use static analysis to reverse engineer the app and generate a supergraph that contains a lot of data about the app. These approaches do not, however, take into consideration that many parts of the code only interact with each other with the aid of user interaction and as such, the user interface plays a big role in the app.

With that in mind, our goal is to expand one such tool with the ability to analyze the user interface (UI) of an app. We will extract basic information about the UI and add it to the existing supergraph in an intuitive way. This would allow reverse engineers to, among others, see how the data, entered by a user, flows through the app, which could potentially reveal some vulnerabilities.