iOS Platform Testing Course – iOS Platform Tutorial

You have learned a lot about the Android platform and I am sure that you have enjoyed the tutorial so far. But, we are just at the half of our journey! We will now introduce you the second mobile platform on which you can successfully complete your iOS Platform testing course and learn so many new information which will bring you success. iOS platform is a marvel! Full of the hidden treasures – upgrading and growing more and more each day. So, make sure that you have read all that you need and all that we wrote about the Android platform, so you can take the step forward. After you complete and get the knowledge about all this, you will be surprised how much new options will be opened for you! And don’t forget, always stay informed with the latest tech news!

Here, we will introduce you to the iOS platform. What is it actually? Let’s start with the real introduction! Once you understand it, we will make the whole overview that will make things for you even more clear. It is a mobile operating system device which powers the Apple’s mobile device. That includes the iPhone, iPod touch, and iPad… Besides that, it is also considered as a basis for Apple tv OS. They inherit so many functions from the iOS itself.

On what is iOS based? It is the same as for macOS, which is Apple’s desktop operating system. They are both based on Darwin. Darwin is the open source Unix operating system. It was created and developed by Apple too. Its kernel is XNU (here, you need to understand that X doesn’t mean Unix). It is a really hybrid kernel which combines so many components that can be found on the Mach and also on the FreeBSD kernels.

Also, I would like you to know that the iOS apps actually run in a more restricted environment, which is opposite to their desktop counterparts. They are also isolated from each other at the file system level. Besides being isolated, they need to be significantly limited in the strict terms of the system API access.

What does the Apple do to protect its users from the malicious apps?

The Apple basically restricts and also controls the access to all those apps which are allowed in any way to run on the iOS devices. If you didn’t know, the only official app distribution platform is actually the Apple App Store itself. What can their developers offer? They can offer anything a user wants-an app to buy, to download it, to install it… As you might realize such a distribution has a lot of differences if you compare it to the Android. They support some several app stores and also the side loading, which means to install the app on your iOS device without even using the official App Store. I hope that you have realized the difference.

We will now talk about a bit how are the iOS apps isolated. They are isolated through the Apple sandbox, which was called Seatbealt earlier. What does the Apple sandbox do to isolate those apps? It basically has the mandatory access control (or you know it as MAC) mechanisms which are describing the resources an app can or can’t access. If you compare such an action to the Android’s extensive Binder IPC facilities, you will easily realize that the iOS actually offers a very few IPC options. But why? It minimizes the surface attack which may happen.

Another security advantage the iOS can offer you is that it has the uniform hardware and the very tight hardware and software integration. Besides that, but I am sure that you have already realized it, there are none of the iOS’s devices which wouldn’t guarantee your safety. For such a goal, they use the secure boot, a hardware-backed keychain, a file system encryption and so much more. Also, its updates are most of the times just quickly rolled out to some large percentage of the users. It decreases the need to support some older and also unprotected iOS versions.

Yes, we know how all of this sounds amazing. But, don’t be tricked such easily. iOS developers are well-aware that they still need to work on their security. As the technology changes, the hackers ability change too. What are the places that are left and can have some errors? Those would definitely be the Keychain, data protection, TouchID authentication and also the network security.

 

Cores of the iOS security architecture

The first core is Hardware Security. The iOS architecture of security really makes a great use of it and also enhances the overall performance. Every device from iOS is coming with the two built-in Advanced Encryption Standards. Those are 256-bit keys -GID and -UID. They are both fused and compiled in the app’s processor and also the Secure Enclave. All that happens during the manufacturing. Also, you need to realize that no direct way exists for keys to read the software or the debugging interfaces, for example, a JTAG. Hardware AES crypto-engines make it possible to perform encrypting and decrypting. They also have the exclusive access to such keys.

What is the GID in the hardware security? It is a value which is shared by all of the processors. Those processors are in the class of the devices which are used with a purpose to prevent the tampering with its firmware files and also some other cryptographic tasks. Also, all of that is not done directly, because it is not connected to the user’s private data. As you know, the UIDs are ones which are unique for each device, and here they are used for protecting the key hierarchy. Such a hierarchy is often used for the device-level file system encryption.

We will know talk about the second core. It is called the Secure Boot. Let’s say that the iOS device is powered on. The secure boot then reads the initial instructions which come from the read-only Boot ROM. Such a ROM is bootstrapped by the system. It also contains the immutable code and the Apple Root CA. It is etched into the silicone die all the time of the fabrication process. In that case, it creates a root of trust. iBoot bootloader’s signature is also kept corrected by the Boot ROM.

Now, we will talk about the third core-Code Signing. As you may probably hear, the Apple implemented a DRM system which is elaborative with a purpose to make it sure that only the Apple-approved codes can run on their own devices. So yes, you are not able to run any code that you want on the iOS device. It needs to be jailbroken only unless the Apple allows it in an explicit way.

Encryption and Data Protection. Let’s say that you have downloaded the app from the App Store. Then, the FairPlay Code Encryption is activated and applied. About the FairPlay-it was developed as a DRM. First, it was used for the multimedia content which was purchased from the iTunes. But if you take a closer look at its history, you can see that it was originally created to be applied to MPEG and also the QuickTime streams. Let’s say that you have registered on some new Apple user account. After that, the public and the private key pair will be also immediately be created and assigned to your account too. How does the private key behave? It is securely located on your device. It actually means that the FairPlay-encrypted code can now be decrypted. But, it can happen only on the devices which are actually connected with your account.

Sandbox. The fifth part. Easily said, it is the iOS access control technology. What is the purpose of it? It basically enforces its action and function on the kernel level. Besides that, it has another purpose, and that is to limit the system and user data damage if it appears. It can easily happen when the process of the app composing is happening. If you didn’t know, the sandboxing process was the one which has been the core security feature since the iOS was released for the first time. Can you imagine how powerful it actually is now? Here, all of the apps which are coming from the third-party basically run on the same mobile device. There are only just a few systems which run as root. It is the same for the services. The container is the one which is confined to all of the iOS apps and it is restricting the access to the application’s own files. Also, it has a very limited number of the system APIs. Sandbox also controls the access to all of the resources. Those may be files, IPCs, shared memory or some network sockets.

It is the time to talk about the last part of the core. It is called General Exploit Mitigations. What is the most important to know about this core? First of all, remind yourself that the iOS itself is always implementing the address space layout randomization, also known as ASLR, and eXecute Never (XN) with a purpose to bit the mitigation code execution attacks if they happen. What randomizes the memory location of one’s program executable file, data or even heap? Here, we have ASLR. It basically stacks every time the program is executed.

 

Execute Never mechanisms also allow iOS to mark the selected memory segments of the process as non-executable. There is one more thing I want you to remember and is that all of the iOS apps stack the process heap of the user’s code which is marked as non-executable.

That would be it! Hope that you understood all of the core layers!