AppScan

AppScan - AI-Powered Application Security Testing Tool - Better Apps with better data

Follow Us

AppScan

AppScan - AI-Powered Application Security Testing Tool - Better Apps with better data

Follow Us

WranglerNet (com.bluemillion.wrangler) AppScan reports & audits

com.bluemillion.wrangler - WranglerNet app icon

How is built WranglerNet iOS App?

When starting an iOS app development project, there are several critical items that developers should consider. In this article, we will discuss the top seven items that should be at the forefront of any iOS app development project.

Decide on the Development Approach: Next, developers must decide on the development approach. There are two main options: native app development and cross-platform app development. While cross-platform development is quicker, native development ensures a better user experience and performance.

Use the Latest Xcode Version: Xcode is the integrated development environment for iOS app development. It is crucial to install the latest version of Xcode to take advantage of new features and bug fixes.

Agree on iOS Version Support: It is also essential to agree on the iOS version support for the app. Consider the latest iOS version, as well as any legacy versions that the app should support.

Make Use of Libraries and Frameworks: Finally, developers should make use of libraries and frameworks to streamline the development process. This can help reduce development time and improve the app's functionality and performance.

ID : com.bluemillion.wrangler

Xcode : 10.2.1 (16E226)

App Technology : Web

Third Party Libraries : , Full list in the report

Apple dylibs : , Full list in the report

What are the main features WranglerNet iOS App?

One way to identify the key features of an iOS app is by examining its App bundle. By scanning the bundle, developers can gain insight into the app's contents, such as its code, resources, and other assets. This information can be useful in understanding how the app functions and what its main features are. Additionally, analyzing the App bundle can help developers identify any potential issues or areas for improvement in the app's design and performance.

Permissions: When an app requests certain permissions, it can give insights into what the app is designed to do. For example, if an app requests permission to access the user's location, it suggests that the app may have a mapping or location-based feature. Similarly, if an app requests permission to access the user's camera or microphone, it suggests that the app may have a video or audio recording feature.

Entitlements: are key value pairs that are signed in to an app and allow authentication beyond runtime factors, like UNIX user ID. Since entitlements are digitally signed, they can’t be changed. Entitlements are used extensively by system apps and daemons to perform specific privileged operations that would otherwise require the process to run as root. This greatly reduces the potential for privilege escalation by a compromised system app or daemon.

Entitlements : 1 entitlements , , Full list in the report

App Private Schemes : 0 schemes , , Full list in the report

Supported Languages : , 0 languages to discover , More data in full report

How WranglerNet iOS App is integrated in the system?

Custom URL Schemes, Universal Links, UIActivity Sharing, App Extensions, UIPasteboard : During implementation of a mobile application, developers may apply traditional techniques for IPC (such as using shared files or network sockets). The IPC system functionality offered by mobile application platforms should be used because it is much more mature than traditional techniques. Using IPC mechanisms with no security in mind may cause the application to leak or expose sensitive data. (Custom URL Schemes, Universal Links, UIActivity Sharing, App Extensions, UIPasteboard).

Query Schemes Registration:iOS 9 introduces LSApplicationQueriesSchemes to allow apps to query if other apps are installed. Specifies the URL schemes you want the app to be able to use.

App Extensions:Together with iOS 8, Apple introduced App Extensions. According to Apple App Extension Programming Guide, app extensions let apps offer custom functionality and content to users while they’re interacting with other apps or the system. In order to do this, they implement specific, well scoped tasks like, for example, define what happens after the user clicks on the Share button and selects some app or action, provide the content for a Today widget or enable a custom keyboard.



Universal Links: Universal links are the iOS equivalent to Android App Links (aka. Digital Asset Links) and are used for deep linking. When tapping a universal link (to the app's website), the user will seamlessly be redirected to the corresponding installed app without going through Safari. If the app isn’t installed, the link will open in Safari.



Requested Schemes : 0 schemes , , Full list in the report

Requested Apps : 0 Apps , , Full list in the report

App Extensions : 0 App extensions , , Full list in the report

How is packaged the WranglerNet iOS App?

The App Bundle is a critical component of iOS app development. It is a collection of all the files and resources required for the app to run, including the code, images, sounds, and other assets.

One of the most important considerations when building an App Bundle is the size of the app. App size can impact user experience and can also affect the download time, especially for users with slower internet connections. Therefore, developers must ensure that the app size is optimized without sacrificing quality.

One way to optimize the App Bundle size is to reduce the number of assets used in the app. While having many assets can improve the app's visual appeal, it can also increase the app size. Therefore, developers should use only the essential assets required to deliver a good user experience.

Number of files : 180 files

Number of medias : 36 files

App Size : 19,6 Mo

After conducting audits of various parameters, AppScan developed a comprehensive scoring system to evaluate the overall quality of the iOS app: The AppScore. The score is based on multiple factors, including the version of Xcode used during development, the permissions requested by the app, and the level of integration with the iOS operating system. By considering these parameters, the scoring system provides a reliable and objective measure of the app's quality, enabling developers to identify areas for improvement and ultimately deliver a better user experience.

Description Scoring
Audit several Security Points of the App 3.4/5
See details
Audit Open Source Librairies used to build the App 5.0/5
See details
Audit tools used to compile the App 3.7/5
See details
Audit Minimum iOS version configuration for the App 5.0/5
See details
Audit the configured permissions 4.4/5
See details
Audit the resources packaged in the App Bundle 4.4/5
See details
Audit the App Size. Is it too big? 4.7/5
See details
Audit the configured supported languages by the App 3.4/5
See details
Audit the App Interactions and how the App is integrated in the system 3.0/5
See details

Audit several Security Points of the WranglerNet iOS App

Finally, the app's security must also be audited. This includes identifying any security vulnerabilities and ensuring that they are addressed. It is also important to ensure that the app complies with the latest security standards and guidelines.

Rule identifiers Description Results
TECH_RESOURCES_FILE_SECURITY This rule in checking if dangerous files are in the bundle. Discover in the full audit report
TECH_PLIST_extraKeys This rule is scanning for extra keys into your plist, that data are really not well secured. Is it safe ? Discover in the full audit report
TECH_PLIST_apiKeys This rule is scanning for api keys into your plist, that data are really not well secured. Is it safe ? Discover in the full audit report
TECH_PLIST_ATS_NSAllowsArbitraryLoads This rule is detecting if ATS.NSAllowsArbitraryLoads exceptions are configured. Discover in the full audit report
TECH_PLIST_ATS_NSAllowsArbitraryLoadsInWebContent This rule is detecting if ATS.NSAllowsArbitraryLoadsInWebContent exceptions are configured. Discover in the full audit report
TECH_PLIST_ATS_NSExceptionDomains This rule is detecting if ATS.NSExceptionDomains exceptions are configured. Discover in the full audit report
TECH_DEEPLINKS_SCHEME_SECURITY The URLScheme is not safe, Apple advise to move to universalLink. Discover in the full audit report
TECH_DEEPLINKS_SCHEME_NOT_UNIQUE This URLScheme is not safe, multiple apps can be opened using it. Discover in the full audit report

Audit the tools used to compile the WranglerNet iOS App

The first step in auditing an iOS app is to identify the tools used in its development. This includes the development environment, version control system, and any other tools used. This information can help determine the level of expertise required to maintain the app.

Rule identifiers Description Results
TECH_XCODE_VERSION_NOT_THE_LAST This rule checks the Xcode version used to compile the App. It's not the last released version. Discover in the full audit report
TECH_XCODE_VERSION_NOT_THE_PREVIOUS_MAJOR This rule checks the Xcode version used to compile the App. It's not the Major released version. Discover in the full audit report

Audit Minimum iOS version configured in WranglerNet iOS App

It is essential to determine the minimum iOS version supported by the app. This information can help determine the level of backward compatibility required and the level of effort required to maintain the app.

Rule identifiers Description Results
TECH_MIN_IOS_VERSION_ONLY_1_MAJOR The App is trageting only one major version ? Maybe not a well targeted number of devices. Discover in the full audit report
TECH_MIN_IOS_VERSION_ONLY_2_MAJORS The App is trageting only two major versions ? Maybe not a well targeted number of devices. Discover in the full audit report

Audit Open source librairies in the WranglerNet iOS App

The use of open-source libraries must also be audited. It is important to identify the licenses of each library and ensure that they are compatible with the app's license. It is also essential to ensure that the libraries are up-to-date and do not pose any security risks.

Rule identifiers Description Results
TECH_LIB_LICENCE_DANGEROUS This rule detects if a license is dangerous for your App. (for example the GPL license) Discover in the full audit report
TECH_LIB_LICENCE_GITHUB_POD_INCOHERENCE This rule detects if a license is may be dangerous for your App. The license is different between github and pod Discover in the full audit report
TECH_LIB_BAD_VITALITY This rule checks the Vitality param (computation to be detailed). Discover in the full audit report
TECH_LIB_NOT_MAJOR This rule checks if your App is using an old version of the librairy. Too old ? Discover in the full audit report

Audit Permissions configured in the WranglerNet iOS App

The app permissions must also be audited. This includes identifying the permissions required by the app, as well as the justification for each permission. It is essential to ensure that the app does not require unnecessary permissions.

Rule identifiers Description Results
TECH_PLIST_PERMISSIONS_DEPRECATED This rule check if deprecated permissions are used. Discover in the full audit report
TECH_PLIST_PERMISSIONS_FEW_PERMISSIONS This rule is there a significant number of permissions Discover in the full audit report
TECH_PLIST_BONUS_PERMISSIONS_LOCATIONS_MULTIPLE Bonus - Multiple type of location permissions are implemented. Discover in the full audit report
TECH_PLIST_BONUS_PERMISSIONS_LOCATIONS_RARE Bonus - the App implement RARE or COMPLEX permissions. That show a real good developer work Discover in the full audit report
TECH_PLIST_BONUS_LOT_OF_PERMISSIONS Bonus - Scan if the App ask for a lot of permissions Discover in the full audit report

Audit WranglerNet App Resources

The app's assets and resources must also be audited. This includes identifying the size of the app and ensuring that it is optimized. It is also important to ensure that the app only includes essential assets and resources.

Rule identifiers Description Results
TECH_RESOURCES_IMAGES_NOT_ASSETS_IN_MAIN This rule in checking if some images are not managed into Assets files for the Main code. Discover in the full audit report
TECH_RESOURCES_IMAGES_MISSING_SCALES_IN_MAIN This rule in checking if some images are missing in the Main bundle. Discover in the full audit report
TECH_ATT_MISSING This rule is checking if you App is missing the NSUserTrackingUsageDescription. Discover in the full audit report
TECH_DEEPLINKS_UNIVERSAL_LINK_JSON_MISSING This rule is checking is the apple association file (apple-app-site-association) is available on the website. Discover in the full audit report
TECH_DEEPLINKS_UNIVERSAL_LINK_JSON_UNCOMPLETE This rule is checking is your App is declarerd on the apple association file (apple-app-site-association) available on the website. Discover in the full audit report

Audit WranglerNet App Size

The size of the app must also be audited. This includes identifying the size of the app and ensuring that it is optimized. It is also important to ensure that the app only includes essential assets and resources.

Rule identifiers Description Results
TECH_SIZE_APP_IS_TOO_BIG_GSM_LIMIT This rule checks if the App size is too big to download in GSM. Discover in the full audit report
TECH_SIZE_APP_IS_BIG This rule checks if the App size is too big. Discover in the full audit report
TECH_SIZE_BIG_FRAMEWORK This framework seems to be big if we compare it to the size of the entire App. Discover in the full audit report
TECH_SIZE_BIG_FILE Big file detected if we compare it to the size of the entire App. Discover in the full audit report
TECH_SIZE_FILE_EMPTY File empty detected if we compare it to the size of the entire App. Discover in the full audit report

Audit WranglerNet supported Languages

The app's supported languages must also be audited. This includes identifying the languages supported by the app and ensuring that they are correctly implemented.

Rule identifiers Description Results
TECH_SUPPORTED_LANGUAGES_MISSING This rule is checking supported languages are implemented Discover in the full audit report
TECH_POOR_NUMBER_SUPPORTED_LANGUAGES_MISSING This rule is checking few supported languages are implemented Discover in the full audit report
TECH_STRINGS_INFOPLIST_MISSING This rule is checking if some InfoPlist.string files are missing. Discover in the full audit report
TECH_STRINGS_FILE_MISSING This rule is checking if some .Strings files are missing for the app supported languages. Discover in the full audit report
TECH_STRINGS_LPROJ_MISSING This rule is checking if .Strings files are missing. Discover in the full audit report
TECH_STRINGS_MISSING_KEYS This rule is checking if some key are missing in Strings files. Discover in the full audit report
TECH_STRINGS_MISSING_VALUES This rule is checking if some values are empty Discover in the full audit report

Audit WranglerNet App Interactions with the sytem

The app's interactions must also be audited. This includes identifying the interactions supported by the app, such as notifications and background tasks. It is essential to ensure that these interactions are correctly implemented and do not pose any security risks.

Rule identifiers Description Results
TECH_ENTITLEMENTS_BONUS_MULTIPLE Bonus - Detect for multiple entitlements. It means that the App interact a lot with the system Discover in the full audit report
TECH_ENTITLEMENTS_BONUS_ASSOCIATED_DOMAINS Bonus - Scan for associated domains features. This show a strong integration with the Website Discover in the full audit report
TECH_EXTENSIONS_BONUS_MULTIPLE Bonus - Scan for App Extensions. This show a good integration with the syteme. Discover in the full audit report
TECH_PLIST_BONUS_QUERIED_SCHEMES Bonus - Scan for Queried Schemes. The is try to interact with multiple Apps? Discover in the full audit report

And you? Do want to scan your Apps?

AppScan is an essential solution for anyone who is serious about developing secure, high-quality iOS apps. With its advanced scanning capabilities, comprehensive reports, and easy-to-use interface, AppScan is the ideal choice for developers who want to ensure that their apps are secure and reliable.

Scan your Apps