Perspective

In a world of continuous everything, security teams are struggling to keep up with testing on the latest versions of iOS before deploying applications designed to run on them. Dynamic mobile app security testing on iOS devices has proven to be a challenge due to the sandboxed environment imposed by Apple, forcing analysts to rely heavily on the existence of a jailbreak in order to provide root level privileges.

A major caveat with this approach is the waning frequency of public jailbreak methods. Over a year ago, Cult of Mac declared the death of jailbreak, per a group of the original pioneers who burst onto the scene a decade ago and pushed iPhone capabilities to the limit, in search of “killer features” and adding 3rd-party apps before they were a thing. But that was 10 years ago and a time when jailbreaks were easier – even somewhat motivated teenagers could execute one. Apple did not back down nor did it look the other way as the jailbreak movement grew. Over the last decade, the tech giant also worked relentlessly to close vulnerability gaps with each update and outpaced and outlasted the casual armchair hacker. Achieving a jailbreak today requires constant focus and monitoring of Apple’s next move and elite, expert knowledge to execute. Currently, jailbreaks are several updates behind Apple’s latest version.

Within the professional security community, security analysts and developers alike are held accountable to ensure their organization’s internally developed mobile apps are secure and safe for the masses. To date, conducting full-depth analysis has required testing dynamically, on real jailbroken devices, to get the best results before shipping out.

Until now.

The purpose of this post is to explain how automated mobile app security testing on the most recent versions of iOS on Apple standard production devices is now possible, with Jailed Testing, via NowSecure Gadget technology on NowSecure Workstation.

 

What is jailed testing?

Jailed testing is a term used to describe full-depth security testing on a device that is not jailbroken; rather the device is factory standard. The unique NowSecure Gadget approach to jailed testing is to perform static, dynamic, and behavioral analysis on iOS apps, while operating within the iOS sandbox on a standard device. At runtime, NowSecure Gadget:

  • Injects codes into the debug build of the app binary
  • Inspects the app through dynamic and behavioral testing
  • Generates results into a pre-formatted and/or customizable report

Since the NowSecure Gadget does not modify or require system level privileges, jailed testing can operate on the latest versions of iOS. And because the NowSecure Gadget is injected at runtime, fully automated security testing can be completed without the need to add custom code, implement a proprietary SDK, or create custom iOS application builds. Furthermore, jailed testing can be done within apps that implement any jailbreak detection method, giving the security analyst a level of depth that was not possible previously.

 


Get day 1 testing on the latest iOS releases with NowSecure Workstation – request a demo.


 

Why is jailed testing important?

The ability to test on Apple protected iOS devices, or “jailed” devices, opens up the ability to test the latest and greatest application features and entitlements that are released with newer versions of iOS, immediately. An example of this would be testing features that specifically use iPhone X’s new camera. Developers can leverage the camera to add FaceID and Animoji support from directly within the application. While features like these provide great functionality to the user, security teams are tasked with understanding any vulnerabilities that may be present as a result of a new feature. Jailed testing helps solve this issue and is why having the ability to conduct testing immediately on the newest iOS versions is such a revolutionary and forward-leaning development.

Innovation that allows testing on the most recent iOS versions is exciting, but the jailed tests must be as robust and dynamic as jailbroken tests. This is why it is important to note that, from a coverage and results perspective, NowSecure provides the same tests and results for jailed testing as traditional jailbroken testing.

Comparable Coverage: Jailbroken vs. Jailed Testing

CHECK TYPE JAILBROKEN JAILED
Sensitive Data: HTTP Dynamic
Sensitive Data: Local Files Dynamic
Sensitive Data: System Logs Dynamic
Sensitive Data: Memory Dump Dynamic
Sensitive Data: Keychain Dynamic
HTTP Requests Dynamic
Certificate Validation Dynamic
Certificate Pinning Dynamic
SSL Downgrade Dynamic
ASLR Static
Stack Smashing Static
ARC Static
Heartbleed Static
OpenSSL CCS Static
Local Authentication Static
App Transport Security Static
Crypto Libraries Static

 

Summing up

At NowSecure, our mission is to save the world from unsafe mobile apps. In order to achieve this mission, we know it is imperative to stay one step ahead to keep pace with the speed of mobility development and threats. Automated and repeatable mobile app security testing on the most recent versions of iOS – including new OS and API features and entitlements – is now possible using the jailed testing technology only available with the NowSecure Gadget in NowSecure Workstation. It provides the same test capability as jailbroken testing today, with substantial additional functionality planned for future releases.

 


Get a demo of day 1 testing on the latest iOS releases with NowSecure Workstation – request a demo today.


 

What to read next:
Jon Porter

Jon Porter

linkedin icon twitter icon

Product Manager

As a Product Manager at NowSecure, Jon helps develop and execute on the NowSecure product vision, liaises across all departments to deliver on customer requests, maintains technical documentation, and is passionate about securing mobile apps worldwide. Jon has a Master of Science in computer, information, and network security from DePaul University where he graduated with distinction.