Testing Third-Party iOS Apps: Why Independent Investigative Research Is Crucial


Security researchers are a critical piece of the mobile application security puzzle, finding malicious apps, reviewing trusted ones for vulnerabilities, and ultimately protecting the safety and security of end users.

Third-party research of iOS apps, for example, has led to the discovery of numerous fraudulent, fleecing, and malicious applications. Recently, Meta researchers found 400 malicious Android and iOS apps designed to steal logins, while another group of researchers uncovered ChatGPT clone apps masquerading on the App Store to capitalize on the chatbot craze.

Though mobile security research is vital, a number of roadblocks hold research teams back from uncovering vulnerabilities before they are exploited. iOS app testing is especially challenging because security teams are hindered by a lack of public jailbreaks, a lack of consistency in testing environments, and the time it takes to complete a full mobile assessment.

Forward-looking security researchers are now capitalizing on virtualization technology, a powerful tool for mobile app security research, to get ahead of criminals and to speed up and simplify their search for vulnerabilities in applications before they hit the app store.

Common Scenarios for iOS App Testing & Where Virtualization Changes What’s Possible

Bug Bounties

Security researchers commonly test third-party apps as part of a bug bounty program. Companies invite independent security testers to test and report security defects in their iOS mobile apps in exchange for rewards, which can range from hundreds to thousands of dollars per vulnerability. Researchers are incentivized to find and report vulnerabilities, which can then be fixed by the app developer to improve the app's security.

Through virtualization, researchers have access to a comprehensive list of device and OS combinations and can seamlessly jailbreak or root any device, removing the need to rely on security vulnerabilities. Access to devices and all iOS versions unlocks the potential to rapidly and seamlessly perform vulnerability and exploit research.

Investigating Popular Applications

Independent security researchers are a vital resource for enterprise organizations, helping to discover vulnerabilities before they can be exploited and cause harm to end users. Independent initiatives, like Google Project Zero, have led to the revelation of security defects, like those uncovered in WhatsApp, that allow hackers and foreign governments to compromise the physical devices of iOS users.

To forestall future compromises of this kind, developers and security researchers need to identify vulnerabilities within mobile apps themselves before they can be exploited by attackers and malware. Smart device virtualization allows security researchers to participate more closely in the software development cycle, simplifying their critical work while also accelerating secure software development. Virtualization makes it possible to fully test apps through dynamic testing, static testing, and reverse engineering, revolutionizing how apps are built and tested.

Virtualization Streamlines iOS App Testing for Security Researchers

Corellium has developed the world’s most powerful Arm-based virtualization technology. It allows iOS devices to be virtualized natively on Arm-based servers, for unmatched virtual model accuracy, performance, and scale.

With Corellium’s powerful Virtual Hardware Platform, security teams have access to endless combinations of iOS device models and operating systems, so security testers can focus their energy on the actual work of iOS app testing. Everything teams need to conduct extensive research and testing is available through Corellium’s simple yet powerful browser interface, built-in security tools, and comprehensive APIs.

Virtual devices are propelling iOS app testing into the future. For specifics on how you can install iOS apps for security research purposes, our team gives you a rundown here.