MASTG-TEST-0277: Sensitive Data in the iOS General Pasteboard at Runtime
Content in BETA
This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).
Overview¶
This test is the dynamic counterpart to @MASTG-TEST-0x73-1.
In this case we'll monitor the pasteboard for sensitive data being written to it at runtime. Note that this can be challenging to detect, as it requires the app to be running and the pasteboard to be modified while the test is being executed. You can trigger the pasteboard by manually entering sensitive data into the app, such as passwords or personal information, while the test is running. Or you can do it automatically by using a script that simulates user input or modifies the pasteboard directly.
Steps¶
- Monitor the pasteboard for sensitive data using Monitoring the Pasteboard.
- Run the app and perform actions that may write sensitive data to the pasteboard, such as copying passwords or personal information.
Observation¶
The output should contain a list of pasteboard items that were written during the test.
Evaluation¶
The test fails if sensitive data is traced during a write operation to the general pasteboard specifically.