GRIEviOS: Generating RandomInput Events for iOS app analysis

Abstract

The automated analysis of mobile applications for Apples iOS platform has historically been hindered by the restricted system privileges available to users. Previous research to deal with these limitations have often been made obsolete by changes to the operating system, and the availability of vendor-provided developer tools allowing for the generation of random input events has made the Android platform an easier target for dynamic analysis efforts for apps. In order to provide similar capabilities for iPhone applications, I present GRIEviOS, a framework aimed at generating user input events for software running on iOS, utilizing established APIs and test automation frameworks that don’t require special device privileges beyond those available to platform developers. Network traffic analysis of apps downloaded from the iOS App Store shows that GRIEviOS- instrumented executions can lead to an increase in observed network hosts that apps communicate with when compared to app executions that did not receive any input events.

Type
Publication
TU Wien