Platform

ios

MASVS v1 MSTG-PLATFORM-4

MASVS v2 MASVS-PLATFORM-1

Last updated: November 22, 2023

Testing App Extensions

Overview

Static Analysis

The static analysis will take care of:

• Verifying if the app contains app extensions
• Determining the supported data types
• Checking data sharing with the containing app
• Verifying if the app restricts the use of app extensions

Verifying if the App Contains App Extensions

If you have the original source code you can search for all occurrences of NSExtensionPointIdentifier with Xcode (cmd+shift+f) or take a look into "Build Phases / Embed App extensions":

There you can find the names of all embedded app extensions followed by .appex, now you can navigate to the individual app extensions in the project.

If not having the original source code:

Grep for NSExtensionPointIdentifier among all files inside the app bundle (IPA or installed app):

$ grep -nr NSExtensionPointIdentifier Payload/Telegram\ X.app/
Binary file Payload/Telegram X.app//PlugIns/SiriIntents.appex/Info.plist matches
Binary file Payload/Telegram X.app//PlugIns/Share.appex/Info.plist matches
Binary file Payload/Telegram X.app//PlugIns/NotificationContent.appex/Info.plist matches
Binary file Payload/Telegram X.app//PlugIns/Widget.appex/Info.plist matches
Binary file Payload/Telegram X.app//Watch/Watch.app/PlugIns/Watch Extension.appex/Info.plist matches

You can also access per SSH, find the app bundle and list all inside PlugIns (they are placed there by default) or do it with objection:

```bash ph.telegra.Telegraph on (iPhone: 11.1.2) [usb] # cd PlugIns /var/containers/Bundle/Application/15E6A58F-1CA7-44A4-A9E0-6CA85B65FA35/ Telegram X.app/PlugIns

ph.telegra.Telegraph on (iPhone: 11.1.2) [usb] # ls NSFileType Perms NSFileProtection Read Write Name