TUM Logo

User-Interaction centered Analysis of iOS Apps

User-Interaction centered Analysis of iOS Apps

Supervisor(s): Alexander Küchler, Dr. Julian Schütte
Status: open
Topic: Others
Type of Thesis: Masterthesis Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Announcement: Bachelor’s Thesis or Master’s Thesis


User-Interaction centered Analysis of iOS Apps


Motivation and Task Description
In the past years, a significant amount of work has been performed in analyzing Android apps because
of its open design and ease to reverse-engineer apps. In contrast, automated analysis of iOS
apps has barely been subject of research and is still an open issue.
While disassembling or lifting ARM binaries and also iOS apps is already covered by a number
of tools, some specifics of the iOS runtime have not yet been addressed. For example, a number
of previous work has focused on resolving function calls from the method dispatching mechanism
used by iOS. However, this does not meet all characteristics of apps. In particular, current tools miss
modelling the lifecycle of apps and their respective components. Another trait of mobile apps is their
event-driven nature and the fact that it heavily requires user interaction on runtime. Consequently,
existing analysis tools suffer from a lack of modelling the dynamic behavior of apps which heavily
impacts also static analysis.
The goal of this work is to integrate these characteristics (app and component lifecycle and user
interaction) into an existing tool. Currently, the tool receives an iOS app as input and transfers it into a
supergraph representation containing the class hierarchy, methods, control-flow graph and call graph
of the app. Together with the new work, this will allow to analyze the control and data flow across
different components and methods and reconstructing the behavior of the app that can be observed
on runtime. Finally, it should be possible to identify how user interaction and input influences the
execution of the app. It should further be possible to identify “interesting” execution traces of the app
and how to trigger them with user interaction.


Requirements
- Good Java skills
- Interest in reverse engineering
- Experience in developing iOS apps is a plus


Contact
Alexander Küchler, Dr. Julian Schütte
Telefon: +49 89 322-9986-185, Telefon: +49 89 322-9986-173
E-Mail: alexander.kuechler@aisec.fraunhofer.de, E-Mail: julian.schuette@aisec.fraunhofer.de
Fraunhofer Research Institution for Applied and Integrated Security (AISEC)
Service & Application Security
Lichtenbergstraße 11, 85748 Garching (near Munich), Germany
https://www.aisec.fraunhofer.de