Threads - First AppScan

17 Jul 2023 By MORISSARD Jérôme

We have decided to share the AppScan report generated using the AppScan.ai tool for the Threads app released by Instagram.

🆓 Full AppScan report : Threads

Unable to display PDF file. Download instead.

🌐 Minimal iOS version supported

The minimal target is 14.0, it's not a bad idea, it's already covering lot of devices.

🌐 Only mobile

Yes, it’s really a good idea for a “MVP”, the iPad support is not a priority.

🙏 Permissions

  • 10 permissions are requested.
  • The description to enable a feature is sometime not clear “to make some features work.”. How this has been validated on the AppStore?
  • The permissions are not localized by region. How this has been validated on the AppStore?
  • No AppTrackingPrivacy integrated. How this has been validated on the AppStore?

💪 Security

Some things needs to be checked

NSAppTransportSecurity

  • Some exceptions are configured for some domains
  • Some exceptions are configured loading Web Content

Plist keys

  • Some informations are pretty simple to get by readding the Info.plist file

🎩 Entitlements

Data sharing detected with other Meta is detected using 2 mecanisms : Keychain and App Groups. (See the previous article)

⛓ Associated domains

Let’s discover the Threads website

🛫 Outgoing schemes

19 schemes are scanned. Some Schemes are not unique

Do you want to check any Apps?

AppScan is an essential solution for anyone who is serious about developing secure, high-quality iOS apps. With its advanced scanning capabilities, comprehensive reports, and easy-to-use interface, AppScan is the ideal choice for developers who want to ensure that their apps are secure and reliable.

Scan your Apps

Share on: