MASTG-TECH-0153: Retrieving Info.plist Files

The Info.plist file is the primary property list configuration file included in every iOS app bundle. It contains key-value pairs that describe the app's configuration, including permissions, capabilities, and security settings such as the App Transport Security (ATS) policy.

After extracting an app with Exploring the App Package, you can locate the Info.plist file at the root of the .app bundle. For example, assuming you have extracted an iOS app named MyApp.ipa using Exploring the App Package, you can run the following command from the Payload/ folder:

find . -name "Info.plist" -maxdepth 2

./MyApp.app/Info.plist

The -maxdepth 2 flag limits the search to the app bundle root and avoids listing Info.plist files from nested frameworks and extensions. If you also need to inspect frameworks or extensions, increase the depth or remove the limit.

Apps distributed through the App Store typically ship the Info.plist in binary plist format. If the file is in binary format, convert it to a human-readable format using Convert Plist Files to JSON before inspecting it, or use Analyzing Info.plist Files to analyze it directly.

Tests

MASTG-TEST-0322: App Transport Security Configurations Allowing Cleartext Traffic MASTG-TEST-0342: References to Weak ATS TLS Policy Exceptions in Info.plist MASTG-TEST-0303: References to APIs for Storing Unencrypted Data in Shared Storage