Before You Approve That App: Build a Vetting Process That Actually Works

Learn how to replace ad hoc app reviews with a scalable vetting process, spot hidden risks like AI components, and make defensible approval decisions with real-world examples.

Register Now
Live Webinar
Live Webinar: Build a Better App Vetting Process Live Webinar: Build a Better App Vetting Process Register Now
magnifying glass icon

iOS Instrumentation without Jailbreak

Posted by

Ole André Vadla Ravnås

Security Researcher at NowSecure
Ole is the creator of Frida, an open-source tool for performing dynamic instrumentation of mobile apps, and indulges his passion for reverse-engineering as a security researcher at NowSecure.
NowSecure Marketing

NowSecure Marketing

Research & Threat Intel

Starting with Frida 6.0, released last week, the assumption was that it would be technically possible to instrument iOS apps on non-jailbroken devices.

I am absolutely thrilled to announce that, as of today, you can do just that:

http://www.frida.re/docs/ios/#without-jailbreak

All you have to do is embed FridaUs .dylib into your app, and ensure that it gets loaded. You can then leverage FridaUs existing CLI tools to trace native APIs, swizzle and play around with Objective-C, call any function, say for fuzzing, or anything else that you could already do on a jailbroken device once you got Frida loaded into a process.

It is also possible to instrument iOS apps running in the iOS Simulator, which is really useful for security explorations during development.

Enjoy!

Related Content

Breaking Down Static vs. Dynamic Security Testing for Mobile Apps
eBook
Mobile App Risk Management: Strategies to Safeguard Revenue and Reputation
eBook
Why You Can’t Trust Public App Stores for Mobile App Security
eBook