
Application Sandbox


Last updated 3 years ago

On iOS, all third-party applications are "sandboxed", so they are restricted from accessing files stored by other applications or from making changes to the device. Sandboxing prevents applications from gathering or modifying information stored by other applications. Each application has a unique home directory for its files, which is randomly assigned when the application is installed. If a third-party application needs to access information other than its own, it does so only by using services explicitly provided by iOS.

System files and resources are also shielded from the user's applications. The majority of iOS runs as the non-privileged user mobile, as do all third-party applications. The entire OS partition is mounted as read-only. Unnecessary tools, such as remote login services, are not included in the system software, and APIs do not allow applications to escalate their own privileges to modify other applications or iOS.

Protections

The restrictions in an App's "jail" include, but are not limited to:

  • Inability to break out of the application's directory. The application sees its own bundle container /var/containers/Bundle/Application/<app-GUID>/ as the root, similar to the chroot(2) system call. As a result, the application has no knowledge of any other installed applications, and cannot access system files.

  • Inability to access any other process on the system, even if that process is owned by the same UID. The application sees itself as the only process executing on the system.

  • Inability to directly use any of the hardware devices (camera, GPS, etc.) without going through Apple's frameworks (which in turn can impose restrictions).

  • Inability to dynamically generate code. The low-level implementations of the mmap(2) and mprotect(2) system calls (Mach's vm_map_enter and vm_map_protect, respectively) are intentionally modified to prevent any attempts to make writable memory pages executable as well. Combined with code signing and FairPlay, this imposes strong restrictions on what code can be run.

  • Inability to perform any operations. For the mobile user, only certain operations are allowed. Root permissions for applications (other than Apple's own) are not possible.
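
An added example (not part of the original page, and not Apple's code): a small C probe for the dynamic code generation restriction above. It asks the kernel for each writable-to-executable transition through mmap(2) and mprotect(2) and reports whether the request was accepted; nothing is executed, and the function names and result constants are this example's own.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { PROBE_SETUP_FAILED = -1, PROBE_DENIED = 0, PROBE_ALLOWED = 1 };

static size_t page_len(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Request an anonymous page that is writable and executable from the start. */
int probe_mmap_rwx(void) {
    size_t len = page_len();
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return PROBE_DENIED;
    munmap(p, len);
    return PROBE_ALLOWED;
}

/* Map a page read/write, write to it, then request new_prot on that page. */
int probe_mprotect(int new_prot) {
    size_t len = page_len();
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return PROBE_SETUP_FAILED;
    memset(p, 0, len);                 /* plain data; nothing is executed */
    int rc = mprotect(p, len, new_prot);
    munmap(p, len);
    return rc == 0 ? PROBE_ALLOWED : PROBE_DENIED;
}

/* 1 only if every request for writable-then-executable memory was refused. */
int wx_requests_refused(void) {
    return probe_mmap_rwx() == PROBE_DENIED
        && probe_mprotect(PROT_READ | PROT_WRITE | PROT_EXEC) == PROBE_DENIED
        && probe_mprotect(PROT_READ | PROT_EXEC) == PROBE_DENIED;
}

int main(void) {
    printf("mmap RWX:         %d\n", probe_mmap_rwx());
    printf("mprotect RW->RWX: %d\n", probe_mprotect(PROT_READ | PROT_WRITE | PROT_EXEC));
    printf("mprotect RW->RX:  %d\n", probe_mprotect(PROT_READ | PROT_EXEC));
    printf("all refused:      %d\n", wx_requests_refused());
    return 0;
}
```

A result of 1 means only that the call returned success on the system the probe ran on; it does not show that the page could later be executed under code signing.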

References

chroot(2)
mmap(2)
mprotect(2)
Apple Platform Security: Sandboxing
Mac OS X and iOS Internals: To the Apple's Core by Jonathan Levin