When starting an iOS app development project, there are several critical items that developers should consider. In this article, we will discuss the top seven items that should be at the forefront of any iOS app development project.
Decide on the Development Approach: Developers must decide on the development approach. There are two main options: native app development and cross-platform app development. While cross-platform development is quicker, native development ensures a better user experience and performance.
Use the Latest Xcode Version: Xcode is the integrated development environment for iOS app development. It is crucial to install the latest version of Xcode to take advantage of new features and bug fixes.
Agree on iOS Version Support: It is also essential to agree on the iOS version support for the app. Consider the latest iOS version, as well as any legacy versions that the app should support.
Make Use of Libraries and Frameworks: Developers should make use of libraries and frameworks to streamline the development process. This can reduce development time and improve the app's functionality and performance.
Third Party Libraries: Toast, FBSDKLoginKit, GoogleDataTransport, FirebaseCrashlytics (full list in the report)
Apple dylibs: full list in the report
One way to identify the key features of an iOS app is by examining its App bundle. By scanning the bundle, developers can gain insight into the app's contents, such as its code, resources, and other assets. This information helps in understanding how the app functions and what its main features are. Analyzing the App bundle can also help developers identify potential issues or areas for improvement in the app's design and performance.

Permissions: When an app requests certain permissions, the request gives insight into what the app is designed to do. For example, if an app requests permission to access the user's location, it probably has a mapping or location-based feature. Similarly, if an app requests access to the camera or microphone, it probably has a video or audio recording feature.

Entitlements: Entitlements are key-value pairs that are signed into an app and allow authentication beyond runtime factors such as the UNIX user ID. Since entitlements are digitally signed, they cannot be changed. They are used extensively by system apps and daemons to perform specific privileged operations that would otherwise require the process to run as root, which greatly reduces the potential for privilege escalation by a compromised system app or daemon.
Entitlements: 3 entitlements (full list in the report)
App Private Schemes: 1 scheme (full list in the report)
Supported Languages: 0 languages to discover (more data in the full report)
Custom URL Schemes, Universal Links, UIActivity Sharing, App Extensions, UIPasteboard: During implementation of a mobile application, developers may apply traditional techniques for IPC, such as shared files or network sockets. The IPC mechanisms offered by the mobile platform should be used instead, because they are much more mature than those traditional techniques. Using IPC mechanisms with no security in mind may cause the application to leak or expose sensitive data. On iOS these mechanisms are Custom URL Schemes, Universal Links, UIActivity Sharing, App Extensions and UIPasteboard.

Query Schemes Registration: iOS 9 introduced LSApplicationQueriesSchemes to let apps query whether other apps are installed. The key specifies the URL schemes the app is allowed to query.

App Extensions: With iOS 8, Apple introduced App Extensions. According to the Apple App Extension Programming Guide, app extensions let apps offer custom functionality and content to users while they are interacting with other apps or the system. To do this, they implement specific, well-scoped tasks: for example, defining what happens after the user taps the Share button and selects some app or action, providing the content for a Today widget, or enabling a custom keyboard.

Universal Links: Universal links are the iOS equivalent of Android App Links (also known as Digital Asset Links) and are used for deep linking. When the user taps a universal link to the app's website, they are seamlessly redirected to the corresponding installed app without going through Safari. If the app is not installed, the link opens in Safari.
Requested Schemes: fbapi, fb-messenger-share-api, fbauth2, fbshareextension (4 schemes; full list in the report)
Requested Apps: Facebook, Messenger, Facebook, Facebook (4 apps; full list in the report)
App Extensions: 0 App extensions (full list in the report)
Associated Domains: full list in the report
The App Bundle is a critical component of iOS app development. It is a collection of all the files and resources required for the app to run, including the code, images, sounds, and other assets.
One of the most important considerations when building an App Bundle is the size of the app. App size can impact user experience and can also affect the download time, especially for users with slower internet connections. Therefore, developers must ensure that the app size is optimized without sacrificing quality.
One way to optimize the App Bundle size is to reduce the number of assets used in the app. While having many assets can improve the app's visual appeal, it can also increase the app size. Therefore, developers should use only the essential assets required to deliver a good user experience.
After conducting audits of various parameters, AppScan developed a comprehensive scoring system to evaluate the overall quality of the iOS app: The AppScore. The score is based on multiple factors, including the version of Xcode used during development, the permissions requested by the app, and the level of integration with the iOS operating system. By considering these parameters, the scoring system provides a reliable and objective measure of the app's quality, enabling developers to identify areas for improvement and ultimately deliver a better user experience.
| Description | Scoring |
|---|---|
| Audit several Security Points of the App | 3.4/5 |
| Audit Open Source Libraries used to build the App | 4.4/5 |
| Audit tools used to compile the App | 5.0/5 |
| Audit Minimum iOS version configuration for the App | 5.0/5 |
| Audit the configured permissions | 4.4/5 |
| Audit the resources packaged in the App Bundle | 5.0/5 |
| Audit the App Size. Is it too big? | 4.7/5 |
| Audit the supported languages configured by the App | 3.4/5 |
| Audit the App Interactions and how the App is integrated in the system | 3.0/5 |
The app's security must also be audited. This includes identifying any security vulnerabilities and ensuring that they are addressed. It is also important to ensure that the app complies with the latest security standards and guidelines.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_RESOURCES_FILE_SECURITY | This rule checks whether dangerous files are present in the bundle. | Discover in the full audit report |
| TECH_PLIST_extraKeys | This rule scans for extra keys in your plist. Plist data is not well protected, so is that data safe there? | Discover in the full audit report |
| TECH_PLIST_apiKeys | This rule scans for API keys in your plist. Plist data is not well protected, so is that data safe there? | Discover in the full audit report |
| TECH_PLIST_ATS_NSAllowsArbitraryLoads | This rule detects whether ATS NSAllowsArbitraryLoads exceptions are configured. | Discover in the full audit report |
| TECH_PLIST_ATS_NSAllowsArbitraryLoadsInWebContent | This rule detects whether ATS NSAllowsArbitraryLoadsInWebContent exceptions are configured. | Discover in the full audit report |
| TECH_PLIST_ATS_NSExceptionDomains | This rule detects whether ATS NSExceptionDomains exceptions are configured. | Discover in the full audit report |
| TECH_DEEPLINKS_SCHEME_SECURITY | The URL scheme is not safe; Apple advises moving to universal links. | Discover in the full audit report |
| TECH_DEEPLINKS_SCHEME_NOT_UNIQUE | This URL scheme is not unique: multiple apps can be opened using it. | Discover in the full audit report |
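The plist-related checks in the security table above (ATS exceptions, custom URL schemes, API keys left in the plist) and the LSApplicationQueriesSchemes and App Tracking Transparency keys discussed earlier can all be verified directly against an app's Info.plist. The script below is an added example written for this page, not AppScan's code: it parses a constructed Info.plist with Python's standard plistlib and emits findings labelled with the rule identifiers from the tables. The thresholds, the list of Apple key prefixes and the credential-name heuristic are this example's own assumptions, and the sample plist is made up for the demonstration.

```python
import plistlib
import re

# Constructed sample Info.plist for this demonstration (not taken from any real
# app): it registers a custom URL scheme, queries the Facebook schemes listed in
# the report, relaxes ATS for web content and one legacy domain, stores a
# suspicious-looking key, and omits NSUserTrackingUsageDescription.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>MinimumOSVersion</key><string>15.0</string>
  <key>CFBundleURLTypes</key>
  <array><dict>
    <key>CFBundleURLSchemes</key><array><string>demoapp</string></array>
  </dict></array>
  <key>LSApplicationQueriesSchemes</key>
  <array>
    <string>fbapi</string><string>fb-messenger-share-api</string>
    <string>fbauth2</string><string>fbshareextension</string>
  </array>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoadsInWebContent</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.com</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
    </dict>
  </dict>
  <key>NSCameraUsageDescription</key><string>Used to scan QR codes.</string>
  <key>NSLocationWhenInUseUsageDescription</key><string>Shows nearby stores.</string>
  <key>PaymentApiSecret</key><string>PLACEHOLDER-NOT-A-REAL-SECRET</string>
</dict>
</plist>
"""

# Keys with these prefixes are Apple-defined and are skipped by the
# credential-name heuristic (assumed list, not exhaustive).
APPLE_PREFIXES = ("CF", "NS", "UI", "LS", "DT", "UT", "MinimumOSVersion", "BuildMachine")
SECRET_NAME_HINT = re.compile(r"api|secret|token|password|credential", re.IGNORECASE)


def audit_info_plist(data: bytes) -> list:
    """Return a list of (rule_id, detail) findings for one Info.plist.

    Rule ids reuse the names from the report tables; the heuristics are this
    example's own assumptions.
    """
    plist = plistlib.loads(data)
    findings = []

    # Custom URL schemes are not unique to one app; Apple recommends universal links.
    for url_type in plist.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            findings.append(("TECH_DEEPLINKS_SCHEME_SECURITY",
                             f"custom URL scheme {scheme}:// is registered"))

    # LSApplicationQueriesSchemes shows which other apps this app probes for.
    queried = plist.get("LSApplicationQueriesSchemes", [])
    if queried:
        findings.append(("TECH_PLIST_BONUS_QUERIED_SCHEMES",
                         f"{len(queried)} queried schemes: {', '.join(queried)}"))

    # App Transport Security exceptions weaken the TLS requirement for some or all traffic.
    ats = plist.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append(("TECH_PLIST_ATS_NSAllowsArbitraryLoads", "ATS disabled for all connections"))
    if ats.get("NSAllowsArbitraryLoadsInWebContent"):
        findings.append(("TECH_PLIST_ATS_NSAllowsArbitraryLoadsInWebContent", "ATS disabled inside web views"))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        http = rules.get("NSExceptionAllowsInsecureHTTPLoads", False)
        findings.append(("TECH_PLIST_ATS_NSExceptionDomains",
                         f"exception for {domain} (insecure HTTP allowed: {http})"))

    # App Tracking Transparency requires a usage description before tracking is requested.
    if "NSUserTrackingUsageDescription" not in plist:
        findings.append(("TECH_ATT_MISSING", "NSUserTrackingUsageDescription is not declared"))

    # Permission usage descriptions: list them so the justification for each can be reviewed.
    usage_keys = [k for k in plist if k.startswith("NS") and k.endswith("UsageDescription")]
    findings.append(("TECH_PLIST_PERMISSIONS_FEW_PERMISSIONS",
                     f"{len(usage_keys)} permission usage descriptions: {', '.join(usage_keys)}"))

    # Non-Apple keys whose names suggest a credential: Info.plist is readable by
    # anyone who unpacks the .ipa, so a secret stored here is effectively public.
    for key, value in plist.items():
        if not key.startswith(APPLE_PREFIXES) and SECRET_NAME_HINT.search(key):
            findings.append(("TECH_PLIST_apiKeys",
                             f"key {key!r} looks like a credential ({len(str(value))} chars)"))

    return findings


if __name__ == "__main__":
    for rule_id, detail in audit_info_plist(SAMPLE_INFO_PLIST):
        print(f"{rule_id:55s} {detail}")
```

To run it against a real app, replace `SAMPLE_INFO_PLIST` with the bytes of the `Info.plist` extracted from the `.app` directory inside the `.ipa`; `plistlib.loads` accepts both the XML and the binary plist encodings, so no conversion step is needed.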
The first step in auditing an iOS app is to identify the tools used in its development. This includes the development environment, version control system, and any other tools used. This information can help determine the level of expertise required to maintain the app.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_XCODE_VERSION_NOT_THE_LAST | This rule checks the Xcode version used to compile the App. It is not the latest released version. | Discover in the full audit report |
| TECH_XCODE_VERSION_NOT_THE_PREVIOUS_MAJOR | This rule checks the Xcode version used to compile the App. It is not the latest major released version. | Discover in the full audit report |
It is essential to determine the minimum iOS version supported by the app. This information can help determine the level of backward compatibility required and the level of effort required to maintain the app.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_MIN_IOS_VERSION_ONLY_1_MAJOR | The App targets only one major iOS version. This may not cover a well-targeted number of devices. | Discover in the full audit report |
| TECH_MIN_IOS_VERSION_ONLY_2_MAJORS | The App targets only two major iOS versions. This may not cover a well-targeted number of devices. | Discover in the full audit report |
The use of open-source libraries must also be audited. It is important to identify the licenses of each library and ensure that they are compatible with the app's license. It is also essential to ensure that the libraries are up-to-date and do not pose any security risks.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_LIB_LICENCE_DANGEROUS | This rule detects whether a library license is dangerous for your App (for example, the GPL license). | Discover in the full audit report |
| TECH_LIB_LICENCE_GITHUB_POD_INCOHERENCE | This rule detects whether a license may be dangerous for your App: the license differs between GitHub and the pod. | Discover in the full audit report |
| TECH_LIB_BAD_VITALITY | This rule checks the Vitality parameter (computation to be detailed). | Discover in the full audit report |
| TECH_LIB_NOT_MAJOR | This rule checks whether your App uses an old version of the library. Is it too old? | Discover in the full audit report |
The app permissions must also be audited. This includes identifying the permissions required by the app, as well as the justification for each permission. It is essential to ensure that the app does not require unnecessary permissions.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_PLIST_PERMISSIONS_DEPRECATED | This rule checks whether deprecated permissions are used. | Discover in the full audit report |
| TECH_PLIST_PERMISSIONS_FEW_PERMISSIONS | This rule checks whether there is a significant number of permissions. | Discover in the full audit report |
| TECH_PLIST_BONUS_PERMISSIONS_LOCATIONS_MULTIPLE | Bonus - Multiple types of location permissions are implemented. | Discover in the full audit report |
| TECH_PLIST_BONUS_PERMISSIONS_LOCATIONS_RARE | Bonus - The App implements RARE or COMPLEX permissions. This shows solid developer work. | Discover in the full audit report |
| TECH_PLIST_BONUS_LOT_OF_PERMISSIONS | Bonus - Scans whether the App asks for a lot of permissions. | Discover in the full audit report |
The app's assets and resources must also be audited. This includes identifying the size of the app and ensuring that it is optimized. It is also important to ensure that the app only includes essential assets and resources.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_RESOURCES_IMAGES_NOT_ASSETS_IN_MAIN | This rule checks whether some images are not managed in Assets catalogs in the Main bundle. | Discover in the full audit report |
| TECH_RESOURCES_IMAGES_MISSING_SCALES_IN_MAIN | This rule checks whether some images are missing scales in the Main bundle. | Discover in the full audit report |
| TECH_ATT_MISSING | This rule checks whether your App is missing the NSUserTrackingUsageDescription key. | Discover in the full audit report |
| TECH_DEEPLINKS_UNIVERSAL_LINK_JSON_MISSING | This rule checks whether the Apple association file (apple-app-site-association) is available on the website. | Discover in the full audit report |
| TECH_DEEPLINKS_UNIVERSAL_LINK_JSON_UNCOMPLETE | This rule checks whether your App is declared in the Apple association file (apple-app-site-association) available on the website. | Discover in the full audit report |
The size of the app must also be audited. This includes identifying the size of the app and ensuring that it is optimized. It is also important to ensure that the app only includes essential assets and resources.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_SIZE_APP_IS_TOO_BIG_GSM_LIMIT | This rule checks whether the App size is too big to download over GSM. | Discover in the full audit report |
| TECH_SIZE_APP_IS_BIG | This rule checks whether the App size is too big. | Discover in the full audit report |
| TECH_SIZE_BIG_FRAMEWORK | This framework seems big when compared to the size of the entire App. | Discover in the full audit report |
| TECH_SIZE_BIG_FILE | Big file detected when compared to the size of the entire App. | Discover in the full audit report |
| TECH_SIZE_FILE_EMPTY | Empty file detected when compared to the size of the entire App. | Discover in the full audit report |
The app's supported languages must also be audited. This includes identifying the languages supported by the app and ensuring that they are correctly implemented.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_SUPPORTED_LANGUAGES_MISSING | This rule checks whether the supported languages are implemented. | Discover in the full audit report |
| TECH_POOR_NUMBER_SUPPORTED_LANGUAGES_MISSING | This rule checks whether only a few supported languages are implemented. | Discover in the full audit report |
| TECH_STRINGS_INFOPLIST_MISSING | This rule checks whether some InfoPlist.strings files are missing. | Discover in the full audit report |
| TECH_STRINGS_FILE_MISSING | This rule checks whether some .strings files are missing for the App's supported languages. | Discover in the full audit report |
| TECH_STRINGS_LPROJ_MISSING | This rule checks whether .strings files are missing. | Discover in the full audit report |
| TECH_STRINGS_MISSING_KEYS | This rule checks whether some keys are missing in .strings files. | Discover in the full audit report |
| TECH_STRINGS_MISSING_VALUES | This rule checks whether some values are empty. | Discover in the full audit report |
The app's interactions must also be audited. This includes identifying the interactions supported by the app, such as notifications and background tasks. It is essential to ensure that these interactions are correctly implemented and do not pose any security risks.
| Rule identifier | Description | Results |
|---|---|---|
| TECH_ENTITLEMENTS_BONUS_MULTIPLE | Bonus - Detects multiple entitlements. This means that the App interacts a lot with the system. | Discover in the full audit report |
| TECH_ENTITLEMENTS_BONUS_ASSOCIATED_DOMAINS | Bonus - Scans for the associated domains feature. This shows strong integration with the website. | Discover in the full audit report |
| TECH_EXTENSIONS_BONUS_MULTIPLE | Bonus - Scans for App Extensions. This shows good integration with the system. | Discover in the full audit report |
| TECH_PLIST_BONUS_QUERIED_SCHEMES | Bonus - Scans for queried schemes. Does the App try to interact with multiple apps? | Discover in the full audit report |
AppScan is an essential solution for anyone who is serious about developing secure, high-quality iOS apps. With its advanced scanning capabilities, comprehensive reports, and easy-to-use interface, AppScan is the ideal choice for developers who want to ensure that their apps are secure and reliable.