MASTG-TEST-0220: Usage of Outdated Code Signature Format

Content in BETA

This content is in beta and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).

Overview

On iOS, code signatures verify the integrity and authenticity of an app's binary, preventing unauthorized modifications and ensuring that the app is trusted by the operating system. Apple regularly updates its code signature formats to enhance cryptographic strength and improve protection against tampering.

Using an outdated code signature format may expose the app to security risks, as older formats may lack support for current cryptographic standards and may be more vulnerable to manipulation. Adopting the latest code signature format helps maintain app integrity and ensures compatibility with the latest security features in iOS.

Steps

  1. Extract the package as described in Exploring the App Package.
  2. Obtain the version of the code signature format as described in Obtaining the Code Signature Format Version.

Observation

The output should contain the version of the code signature format.

Evaluation

The test fails if the version is below the recommended one.

Ensure that the app is using the latest code signing format. You can retrieve the code signature format version with Obtaining the Code Signature Format Version. Using the latest format ensures that the integrity of the app is protected according to the latest cryptographic standards, preventing tampering with the app binary and ensuring that the unmodified copy is distributed to users.
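
The version obtained in step 2 is a field of the CodeDirectory blob inside the embedded signature that the Mach-O's `LC_CODE_SIGNATURE` load command points to. The following is an added example (not code from the MASTG or from Apple's tooling) that reads that field from a thin 64-bit Mach-O and compares it with a minimum supplied by the caller; the function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF                 # thin 64-bit Mach-O (little-endian on disk)
LC_CODE_SIGNATURE = 0x1D                 # linkedit_data_command locating the signature
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0  # SuperBlob magic (big-endian)
CSMAGIC_CODEDIRECTORY = 0xFADE0C02       # CodeDirectory magic (big-endian)
CSSLOT_CODEDIRECTORY = 0                 # index slot of the primary CodeDirectory

def version_from_superblob(sig: bytes) -> int:
    """Walk the SuperBlob index and return the CodeDirectory version field."""
    magic, _length, count = struct.unpack_from(">3I", sig, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("unexpected signature magic")
    for i in range(count):
        slot, blob_off = struct.unpack_from(">2I", sig, 12 + 8 * i)
        if slot == CSSLOT_CODEDIRECTORY:
            cd_magic, _cd_len, version = struct.unpack_from(">3I", sig, blob_off)
            if cd_magic != CSMAGIC_CODEDIRECTORY:
                raise ValueError("slot 0 does not hold a CodeDirectory")
            return version
    raise ValueError("signature has no CodeDirectory slot")

def code_directory_version(macho: bytes) -> int:
    """Return the CodeDirectory version of a thin 64-bit Mach-O image."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", macho, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O (fat/32-bit input not handled)")
    off = 32                             # load commands follow the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmd == LC_CODE_SIGNATURE:
            dataoff, datasize = struct.unpack_from("<2I", macho, off + 8)
            return version_from_superblob(macho[dataoff:dataoff + datasize])
        if cmdsize < 8:
            raise ValueError("malformed load command")
        off += cmdsize
    raise ValueError("no LC_CODE_SIGNATURE: binary is unsigned")

def meets_minimum(macho: bytes, minimum: int) -> bool:
    """True when the signature format version is at least the required minimum."""
    return code_directory_version(macho) >= minimum

def constructed_sample(version: int) -> bytes:
    # Constructed test input: header + one load command + truncated signature.
    cd = struct.pack(">3I", CSMAGIC_CODEDIRECTORY, 12, version)
    sb = struct.pack(">5I", CSMAGIC_EMBEDDED_SIGNATURE, 20 + len(cd), 1,
                     CSSLOT_CODEDIRECTORY, 20) + cd
    lc = struct.pack("<4I", LC_CODE_SIGNATURE, 16, 48, len(sb))
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(lc), 0, 0)
    return header + lc + sb
```

The version is a hexadecimal value, so format it with `hex()` when comparing against tool output.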