Visible to the public CRiOS: Toward Large-Scale iOS Application Analysis

TitleCRiOS: Toward Large-Scale iOS Application Analysis
Publication TypeConference Paper
Year of Publication2016
AuthorsOrikogbo, Damilola, Büchler, Matthias, Egele, Manuel
Conference NameProceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4564-4
Keywordsacm proceedings, Collaboration, composability, Encryption, Human Behavior, ios, iOS encryption, Metrics, pubcrawl, Resiliency, Scalability, security, SSL Trust Models

Mobile applications - or apps - are one of the main reasons for the unprecedented success smart phones and tablets have experienced over the last decade. Apps are the main interfaces that users deal with when engaging in online banking, checking travel itineraries, or browsing their social network profiles while on the go. Previous research has studied various aspects of mobile application security including data leakage and privilege escalation through confused deputy attacks. However, the vast majority of mobile application research targets Google's Android platform. Few research papers analyze iOS applications and those that focus on the Apple environment perform their analysis on comparatively small datasets (i.e., thousands in iOS vs. hundreds of thousands in Android). As these smaller datasets call into question how representative the gained results are, we propose, implement, and evaluate CRiOS, a fully-automated system that allows us to amass comprehensive datasets of iOS applications which we subject to large-scale analysis. To advance academic research into the iOS platform and its apps, we plan on releasing CRiOS as an open source project. We also use CRiOS to aggregate a dataset of 43,404 iOS applications. Equipped with this dataset we analyze the collected apps to identify third-party libraries that are common among many applications. We also investigate the network communication endpoints referenced by the applications with respect to the endpoints' correct use of TLS/SSL certificates. In summary, we find that the average iOS application consists of 60.2% library classes and only 39.8% developer-authored content. Furthermore, we find that 9.32% of referenced network connection endpoints either entirely omit to cryptographically protect network communications or present untrustworthy SSL certificates.

Citation Keyorikogbo_crios:_2016