CylentSec Trellis — iOS Mobile Application Vulnerability SAST Scanner

© 2026 Cylent Security LLC
📦 DVIA-v2 🕐 2026-04-14 20:07:17 📋 834 findings
8
🔴 Critical
124
🟠 High
152
🟡 Medium
41
🔵 Low
509
⚪ Info
834
Total

Findings by Category

String ScanCritical: 4High: 23Info: 1441TLS DelegatesCritical: 2High: 6Medium: 1Low: 3Info: 820CryptographyCritical: 1Medium: 45Secret SinksCritical: 11Insecure StorageHigh: 45Medium: 4Info: 102151SQLite SecurityHigh: 45Info: 79124Biometric AuthHigh: 2Info: 24Credential LoggingHigh: 1Medium: 14Info: 291306Anti-DebugHigh: 1Medium: 13Low: 3448WebView SecurityHigh: 1Medium: 12IPC SecurityMedium: 52Low: 456Obfuscated SecretsMedium: 3838Runtime SecurityMedium: 1111Keychain StorageMedium: 88Deep LinksMedium: 4Info: 610PasteboardMedium: 22Network SecurityInfo: 44Jailbreak DetectionInfo: 22ObfuscationInfo: 11CriticalHighMediumLowInfo

Category Summary

CategoryCHMLITotal
String Scan423001441
TLS Delegates2613820
Cryptography104005
Secret Sinks100001
Insecure Storage04540102151
SQLite Security0450079124
Biometric Auth020024
Credential Logging01140291306
Anti-Debug011334048
WebView Security011002
IPC Security00524056
Obfuscated Secrets00380038
Runtime Security00110011
Keychain Storage008008
Deep Links0040610
Pasteboard002002
Network Security000044
Jailbreak Detection000022
Obfuscation000011
URL Handlers233

Findings

String Scan 4C23H14I 41 findings
🔴 Critical Hardcoded Credential in Auth Function
Description Hardcoded credential string is referenced by authentication function(s)
Location 0x10038631a (Offset: 0x38631a)
Function <string_xref>
Evidence
  • string_value: ev8848@1953
  • auth_functions: _$s7DVIA_v249SensitiveInformationInMemoryDetailsViewControllerC8passwordSSvpfi, _$s7DVIA_v234SensitiveInformationViewControllerC8passwordSSvpfi
  • total_references: 6
Impact Hardcoded credentials in authentication functions allow bypass — attacker can extract credentials from the binary
Recommendation Never hardcode authentication credentials; use secure server-side authentication
🔴 Critical Hardcoded Credential in Auth Function
Description Hardcoded credential string is referenced by authentication function(s)
Location 0x100386408 (Offset: 0x386408)
Function <string_xref>
Evidence
  • string_value: This!sA5Ecret
  • auth_functions: _$s7DVIA_v240ApplicationPatchingDetailsViewControllerC17loginButtonTappedyyypF
  • total_references: 1
Impact Hardcoded credentials in authentication functions allow bypass — attacker can extract credentials from the binary
Recommendation Never hardcode authentication credentials; use secure server-side authentication
🔴 Critical Hardcoded Credential in Auth Function
Description Hardcoded credential string is referenced by authentication function(s)
Location 0x100386cde (Offset: 0x386cde)
Function <string_xref>
Evidence
  • string_value: S@g@rm@7h@8848
  • auth_functions: _$s7DVIA_v240RuntimeManipulationDetailsViewControllerC18loginMethod2TappedyyypF
  • total_references: 1
Impact Hardcoded credentials in authentication functions allow bypass — attacker can extract credentials from the binary
Recommendation Never hardcode authentication credentials; use secure server-side authentication
🔴 Critical Hardcoded Password Used in Crypto Operation
Description Hardcoded password string is referenced by crypto function(s)
Location 0x100389440 (Offset: 0x389440)
Function <string_xref>
Evidence
  • string_value: @daloq3as$qweasdlasasjdnj
  • crypto_functions: _$s7DVIA_v239BrokenCryptographyDetailsViewControllerC21textFieldShouldReturnySbS, _$s7DVIA_v239BrokenCryptographyDetailsViewControllerC21textFieldShouldReturnySbS
  • total_references: 2
Impact Hardcoded encryption password means all installations share the same key — data encrypted by one user can be decrypted by any attacker who extracts this string from the binary
Recommendation Derive encryption keys from user-provided passwords at runtime using PBKDF2 with a random salt, or use iOS Keychain
🟠 High Client-Side Biometric Authentication (String Scan)
Description evaluatePolicy:localizedReason:reply: found without evaluateAccessControl — biometric is not bound to Keychain
Location 0x1003e4876 (Offset: 0x3e4876)
Function evaluatePolicy:localizedReason:reply:
Evidence
  • selector: evaluatePolicy:localizedReason:reply:
  • secure_alternative_present: No
  • detection_method: string_table_scan
Impact Client-side biometric check returns a simple BOOL that can be hooked to always return true via Frida or binary patch
Recommendation Bind biometric to Keychain with SecAccessControlCreateWithFlags + kSecAccessControlBiometryAny
🟠 High Client-Side Biometric Authentication (String Scan)
Description evaluatePolicy:localizedReason:reply: found without evaluateAccessControl — biometric is not bound to Keychain
Location 0x100764e3b (Offset: 0x764e3b)
Function evaluatePolicy:localizedReason:reply:
Evidence
  • selector: evaluatePolicy:localizedReason:reply:
  • secure_alternative_present: No
  • detection_method: string_table_scan
Impact Client-side biometric check returns a simple BOOL that can be hooked to always return true via Frida or binary patch
Recommendation Bind biometric to Keychain with SecAccessControlCreateWithFlags + kSecAccessControlBiometryAny
🟠 High Deprecated UIWebView Usage
Description UIWebView class reference found — deprecated since iOS 12
Location 0x1003871e0 (Offset: 0x3871e0)
Function <string_table>
Evidence
  • class: UIWebView
  • string_context: T@"UIWebView",N,&,VwebView
Impact UIWebView cannot disable JavaScript, has no same-origin policy, and no out-of-process rendering. Memory corruption bugs in JavaScriptCore affect the main app process.
Recommendation Migrate to WKWebView or SFSafariViewController
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x100049000 (Offset: 0x49000)
Function findManualEdgeMatching:
Evidence
  • constant_value: 100
  • function: findManualEdgeMatching:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x1000a0338 (Offset: 0xa0338)
Function enumerateRowidsMatching:usingBlock:
Evidence
  • constant_value: 100
  • function: enumerateRowidsMatching:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x65 in auth/validation function
Location 0x1000a0338 (Offset: 0xa0338)
Function enumerateRowidsMatching:usingBlock:
Evidence
  • constant_value: 0x65
  • function: enumerateRowidsMatching:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x1000a1100 (Offset: 0xa1100)
Function enumerateRowidsMatching:withSnippetOptions:usingBlock:
Evidence
  • constant_value: 100
  • function: enumerateRowidsMatching:withSnippetOptions:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x65 in auth/validation function
Location 0x1000a1100 (Offset: 0xa1100)
Function enumerateRowidsMatching:withSnippetOptions:usingBlock:
Evidence
  • constant_value: 0x65
  • function: enumerateRowidsMatching:withSnippetOptions:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x1000a282c (Offset: 0xa282c)
Function rowid:matches:
Evidence
  • constant_value: 100
  • function: rowid:matches:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x65 in auth/validation function
Location 0x1000a282c (Offset: 0xa282c)
Function rowid:matches:
Evidence
  • constant_value: 0x65
  • function: rowid:matches:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x1000a2c58 (Offset: 0xa2c58)
Function rowid:matches:withSnippetOptions:
Evidence
  • constant_value: 100
  • function: rowid:matches:withSnippetOptions:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x65 in auth/validation function
Location 0x1000a2c58 (Offset: 0xa2c58)
Function rowid:matches:withSnippetOptions:
Evidence
  • constant_value: 0x65
  • function: rowid:matches:withSnippetOptions:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x1000b00a4 (Offset: 0xb00a4)
Function _enumerateRowidsMatchingQuery:usingBlock:
Evidence
  • constant_value: 100
  • function: _enumerateRowidsMatchingQuery:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x1000b00a4 (Offset: 0xb00a4)
Function _enumerateRowidsMatchingQuery:usingBlock:
Evidence
  • constant_value: 100
  • function: _enumerateRowidsMatchingQuery:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x65 in auth/validation function
Location 0x1000b00a4 (Offset: 0xb00a4)
Function _enumerateRowidsMatchingQuery:usingBlock:
Evidence
  • constant_value: 0x65
  • function: _enumerateRowidsMatchingQuery:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x65 in auth/validation function
Location 0x1000b00a4 (Offset: 0xb00a4)
Function _enumerateRowidsMatchingQuery:usingBlock:
Evidence
  • constant_value: 0x65
  • function: _enumerateRowidsMatchingQuery:usingBlock:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x1000b1620 (Offset: 0xb1620)
Function getNumberOfRows:matchingQuery:
Evidence
  • constant_value: 100
  • function: getNumberOfRows:matchingQuery:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x2290 in auth/validation function
Location 0x100116590 (Offset: 0x116590)
Function validateCode:viewController:
Evidence
  • constant_value: 0x2290
  • function: validateCode:viewController:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0x2f in auth/validation function
Location 0x1001e0354 (Offset: 0x1e0354)
Function isPathMatchedBetweenCookie:andUrl:
Evidence
  • constant_value: 0x2f
  • function: isPathMatchedBetweenCookie:andUrl:
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0xc0 in auth/validation function
Location 0x10022fa38 (Offset: 0x22fa38)
Function _yajl_string_validate_utf8
Evidence
  • constant_value: 0xc0
  • function: _yajl_string_validate_utf8
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0xe0 in auth/validation function
Location 0x10022fa38 (Offset: 0x22fa38)
Function _yajl_string_validate_utf8
Evidence
  • constant_value: 0xe0
  • function: _yajl_string_validate_utf8
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 0xf0 in auth/validation function
Location 0x10022fa38 (Offset: 0x22fa38)
Function _yajl_string_validate_utf8
Evidence
  • constant_value: 0xf0
  • function: _yajl_string_validate_utf8
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
🟠 High Hardcoded Validation Constant
Description Integer comparison with constant 100 in auth/validation function
Location 0x100363210 (Offset: 0x363210)
Function openAndValidateDatabase
Evidence
  • constant_value: 100
  • function: openAndValidateDatabase
  • detection_method: decompiler_cmp_scan
Impact Hardcoded validation code can be extracted from binary or bypassed by patching the comparison
Recommendation Move validation logic server-side; do not use hardcoded codes for authentication
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: MobileSubstrate
Location 0x1003828e7 (Offset: 0x3828e7)
Function <string_table>
Evidence
  • dylib: MobileSubstrate
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: cycript
Location 0x1003828f7 (Offset: 0x3828f7)
Function <string_table>
Evidence
  • dylib: cycript
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: SSLKillSwitch
Location 0x1003828ff (Offset: 0x3828ff)
Function <string_table>
Evidence
  • dylib: SSLKillSwitch
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: SSLKillSwitch
Location 0x10038290d (Offset: 0x38290d)
Function <string_table>
Evidence
  • dylib: SSLKillSwitch
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Path String
Description Jailbreak-related path in string table: /bin/bash
Location 0x100382a9d (Offset: 0x382a9d)
Function <string_table>
Evidence
  • path: /bin/bash
  • detection_method: string_table_scan
Impact Application includes jailbreak detection path checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Path String
Description Jailbreak-related path in string table: /usr/sbin/sshd
Location 0x100382aa7 (Offset: 0x382aa7)
Function <string_table>
Evidence
  • path: /usr/sbin/sshd
  • detection_method: string_table_scan
Impact Application includes jailbreak detection path checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Path String
Description Jailbreak-related path in string table: /Applications/Cydia.app
Location 0x1003849b0 (Offset: 0x3849b0)
Function <string_table>
Evidence
  • path: /Applications/Cydia.app
  • detection_method: string_table_scan
Impact Application includes jailbreak detection path checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Path String
Description Jailbreak-related path in string table: /Library/MobileSubstrate/MobileSubstrate.dylib
Location 0x1003849d0 (Offset: 0x3849d0)
Function <string_table>
Evidence
  • path: /Library/MobileSubstrate/MobileSubstrate.dylib
  • detection_method: string_table_scan
Impact Application includes jailbreak detection path checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: MobileSubstrate
Location 0x1003849d0 (Offset: 0x3849d0)
Function <string_table>
Evidence
  • dylib: MobileSubstrate
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Path String
Description Jailbreak-related path in string table: /etc/apt
Location 0x100384a08 (Offset: 0x384a08)
Function <string_table>
Evidence
  • path: /etc/apt
  • detection_method: string_table_scan
Impact Application includes jailbreak detection path checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - URL Scheme
Description Jailbreak URL scheme in string table: cydia://
Location 0x100384a40 (Offset: 0x384a40)
Function <string_table>
Evidence
  • scheme: cydia://
  • detection_method: string_table_scan
Impact Application checks for jailbreak app URL schemes
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: cycript
Location 0x1003890e0 (Offset: 0x3890e0)
Function <string_table>
Evidence
  • dylib: cycript
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: cycript
Location 0x100389150 (Offset: 0x389150)
Function <string_table>
Evidence
  • dylib: cycript
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
⚪ Info Jailbreak Detection - Dylib String
Description Jailbreak-related dylib in string table: cycript
Location 0x1003891f0 (Offset: 0x3891f0)
Function <string_table>
Evidence
  • dylib: cycript
  • detection_method: string_table_scan
Impact Application includes jailbreak detection library checks
Recommendation Verify jailbreak detection cannot be trivially bypassed
TLS Delegates 2C6H1M3L8I 20 findings
🔴 Critical Unconditional TLS Trust
Description TLS delegate unconditionally accepts all certificates without any conditional checks
Location 0x10013c96c (Offset: 0x13c96c)
Function connection:willSendRequestForAuthenticationChallenge:
Evidence
  • method: connection:willSendRequestForAuthenticationChallenge:
  • trust_evaluation: NONE
  • conditional_logic: NONE
Impact TLS certificates *may* be accepted without validation - trivial MitM
Recommendation This may be a false positive if this is a debug build of the app. To verify, ensure the device does not trust the proxy CA cert then try to capture traffic.
🔴 Critical Unconditional TLS Trust
Description TLS delegate unconditionally accepts all certificates without any conditional checks
Location 0x1001f046c (Offset: 0x1f046c)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • trust_evaluation: NONE
  • conditional_logic: NONE
Impact TLS certificates *may* be accepted without validation - trivial MitM
Recommendation This may be a false positive if this is a debug build of the app. To verify, ensure the device does not trust the proxy CA cert then try to capture traffic.
🟠 High Conditional TLS Trust Bypass
Description TLS delegate has conditional logic but no trust evaluation - bypass may be reachable
Location 0x1002d7d9c (Offset: 0x2d7d9c)
Function URLSession:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:didReceiveChallenge:completionHandler:
  • trust_evaluation: NONE
  • has_conditional: True
  • debug_guard: NOT DETECTED
Impact Certificate validation bypass may be reachable under certain conditions
Recommendation Review the conditional logic; implement proper SecTrustEvaluateWithError
🟠 High Conditional TLS Trust Bypass
Description TLS delegate has conditional logic but no trust evaluation - bypass may be reachable
Location 0x1002d7d9c (Offset: 0x2d7d9c)
Function URLSession:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:didReceiveChallenge:completionHandler:
  • trust_evaluation: NONE
  • has_conditional: True
  • debug_guard: NOT DETECTED
Impact Certificate validation bypass may be reachable under certain conditions
Recommendation Review the conditional logic; implement proper SecTrustEvaluateWithError
🟠 High Conditional TLS Trust Bypass
Description TLS delegate has conditional logic but no trust evaluation - bypass may be reachable
Location 0x1002d7d9c (Offset: 0x2d7d9c)
Function URLSession:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:didReceiveChallenge:completionHandler:
  • trust_evaluation: NONE
  • has_conditional: True
  • debug_guard: NOT DETECTED
Impact Certificate validation bypass may be reachable under certain conditions
Recommendation Review the conditional logic; implement proper SecTrustEvaluateWithError
🟠 High Conditional TLS Trust Bypass
Description TLS delegate has conditional logic but no trust evaluation - bypass may be reachable
Location 0x1002d8598 (Offset: 0x2d8598)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • trust_evaluation: NONE
  • has_conditional: True
  • debug_guard: NOT DETECTED
Impact Certificate validation bypass may be reachable under certain conditions
Recommendation Review the conditional logic; implement proper SecTrustEvaluateWithError
🟠 High Conditional TLS Trust Bypass
Description TLS delegate has conditional logic but no trust evaluation - bypass may be reachable
Location 0x1002d8598 (Offset: 0x2d8598)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • trust_evaluation: NONE
  • has_conditional: True
  • debug_guard: NOT DETECTED
Impact Certificate validation bypass may be reachable under certain conditions
Recommendation Review the conditional logic; implement proper SecTrustEvaluateWithError
🟠 High Conditional TLS Trust Bypass
Description TLS delegate has conditional logic but no trust evaluation - bypass may be reachable
Location 0x1002d8598 (Offset: 0x2d8598)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • trust_evaluation: NONE
  • has_conditional: True
  • debug_guard: NOT DETECTED
Impact Certificate validation bypass may be reachable under certain conditions
Recommendation Review the conditional logic; implement proper SecTrustEvaluateWithError
🟡 Medium Legacy NSURLConnection Delegate
Description Legacy NSURLConnection authentication delegate found
Location 0x10013c96c (Offset: 0x13c96c)
Function connection:willSendRequestForAuthenticationChallenge:
Evidence
  • method: connection:willSendRequestForAuthenticationChallenge:
  • pattern: connection:willSendRequestForAuthenticationChallenge:
Impact NSURLConnection is deprecated; legacy delegates may lack modern security
Recommendation Migrate to URLSession with proper delegate implementation
🔵 Low Deprecated Trust Evaluation
Description Using deprecated SecTrustEvaluate API
Location 0x1001c3d38 (Offset: 0x1c3d38)
Function SecTrustEvaluate
Evidence
  • api: SecTrustEvaluate
  • recommended: SecTrustEvaluateWithError
Impact Deprecated API may lack modern security features
Recommendation Use SecTrustEvaluateWithError (iOS 12+) for better error handling
🔵 Low Deprecated Trust Evaluation
Description Using deprecated SecTrustEvaluate API
Location 0x1001dbafc (Offset: 0x1dbafc)
Function SecTrustEvaluate
Evidence
  • api: SecTrustEvaluate
  • recommended: SecTrustEvaluateWithError
Impact Deprecated API may lack modern security features
Recommendation Use SecTrustEvaluateWithError (iOS 12+) for better error handling
🔵 Low Deprecated Trust Evaluation
Description Using deprecated SecTrustEvaluate API
Location 0x1001dba20 (Offset: 0x1dba20)
Function SecTrustEvaluate
Evidence
  • api: SecTrustEvaluate
  • recommended: SecTrustEvaluateWithError
Impact Deprecated API may lack modern security features
Recommendation Use SecTrustEvaluateWithError (iOS 12+) for better error handling
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x10013c96c (Offset: 0x13c96c)
Function connection:willSendRequestForAuthenticationChallenge:
Evidence
  • method: connection:willSendRequestForAuthenticationChallenge:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x1001f046c (Offset: 0x1f046c)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x1002d7d9c (Offset: 0x2d7d9c)
Function URLSession:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:didReceiveChallenge:completionHandler:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x1002d7d9c (Offset: 0x2d7d9c)
Function URLSession:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:didReceiveChallenge:completionHandler:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x1002d7d9c (Offset: 0x2d7d9c)
Function URLSession:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:didReceiveChallenge:completionHandler:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x1002d8598 (Offset: 0x2d8598)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x1002d8598 (Offset: 0x2d8598)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
⚪ Info No Certificate Pinning in TLS Delegate
Description TLS delegate does not perform certificate pinning
Location 0x1002d8598 (Offset: 0x2d8598)
Function URLSession:task:didReceiveChallenge:completionHandler:
Evidence
  • method: URLSession:task:didReceiveChallenge:completionHandler:
  • missing: SecCertificateCopyData / certificate comparison
Impact Without pinning, a CA-issued rogue certificate could be accepted
Recommendation Consider implementing certificate pinning for sensitive connections
Cryptography 1C4M 5 findings
🔴 Critical Critically Low PBKDF2 Iterations (Decompiler)
Description PBKDF2 caller contains integer 200 — likely iteration count (minimum 10000 recommended)
Location 0x10020e384 (Offset: 0x20e384)
Function CCKeyDerivationPBKDF
Evidence
  • rounds_candidate: 200
  • minimum_recommended: 100000
  • caller: initWithPassword:salt:rounds:
  • detection_method: decompiler_fallback
Impact Low iteration count allows brute-force key recovery in seconds
Recommendation Use at least 10000 iterations (OWASP recommends 100000+)
🟡 Medium Crypto Call — Manual Review Required
Description CCCryptorCreate call in crypto-related function (parameters unresolved)
Location 0x10020eba0 (Offset: 0x20eba0)
Function CCCryptorCreate
Evidence
  • caller: createEncryptor
  • crypto_context: symmetric encryption
  • note: Parameter values could not be extracted from decompiler; manual review needed to determine algorithm, key, rounds, etc.
Impact Crypto implementation may use weak parameters (algorithm, key size, iteration count) but static analysis could not confirm
Recommendation Use Frida to hook CCCryptorCreate at runtime and inspect actual parameters, or analyze the caller function in Ghidra decompiler
🟡 Medium Crypto Call — Manual Review Required
Description CCCryptorCreate call in crypto-related function (parameters unresolved)
Location 0x10020f2f8 (Offset: 0x20f2f8)
Function CCCryptorCreate
Evidence
  • caller: ___33-[CBLSymmetricKey_decryptStream:]_block_invoke
  • crypto_context: symmetric encryption
  • note: Parameter values could not be extracted from decompiler; manual review needed to determine algorithm, key, rounds, etc.
Impact Crypto implementation may use weak parameters (algorithm, key size, iteration count) but static analysis could not confirm
Recommendation Use Frida to hook CCCryptorCreate at runtime and inspect actual parameters, or analyze the caller function in Ghidra decompiler
🟡 Medium Crypto Call — Manual Review Required
Description CCKeyDerivationPBKDF call in crypto-related function (parameters unresolved)
Location 0x100183a14 (Offset: 0x183a14)
Function CCKeyDerivationPBKDF
Evidence
  • caller: _$s7DVIA_v242BrokenCryptographyPinDetailsViewControllerC6pbkdf28password4salt...
  • crypto_context: key derivation
  • note: Parameter values could not be extracted from decompiler; manual review needed to determine algorithm, key, rounds, etc.
Impact Crypto implementation may use weak parameters (algorithm, key size, iteration count) but static analysis could not confirm
Recommendation Use Frida to hook CCKeyDerivationPBKDF at runtime and inspect actual parameters, or analyze the caller function in Ghidra decompiler
🟡 Medium Crypto Call — Manual Review Required
Description CCCrypt call in crypto-related function (parameters unresolved)
Location 0x10020f044 (Offset: 0x20f044)
Function CCCrypt
Evidence
  • caller: decryptData:
  • crypto_context: symmetric encryption
  • note: Parameter values could not be extracted from decompiler; manual review needed to determine algorithm, key, rounds, etc.
Impact Crypto implementation may use weak parameters (algorithm, key size, iteration count) but static analysis could not confirm
Recommendation Use Frida to hook CCCrypt at runtime and inspect actual parameters, or analyze the caller function in Ghidra decompiler
Secret Sinks 1C 1 finding
🔴 Critical Hardcoded Secret Flows to Crypto Sink
Description Function references both hardcoded secret and crypto selector 'decryptData:withPassword:error:'
Location 0x1001978e8 (Offset: 0x1978e8)
Function _$s7DVIA_v239BrokenCryptographyDetailsViewControllerC21textFieldShouldReturnySbSo06UITextI0CF
Evidence
  • sink: decryptData:withPassword:error:
  • sink_type: Crypto operation (ObjC dispatch)
  • secret_value: @daloq3as$qweasdlasasjdnj
  • secret_address: 0x100389440
  • crypto_selector: decryptData:withPassword:error:
  • detection_method: forward_selector_search
Impact Hardcoded secret is passed to crypto operation via ObjC message dispatch
Recommendation Derive keys from user input at runtime or use iOS Keychain for secret storage
Insecure Storage 45H4M102I 151 findings
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10006b94c (Offset: 0x6b94c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10002bb34 (Offset: 0x2bb34)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10006bab8 (Offset: 0x6bab8)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10006bbe8 (Offset: 0x6bbe8)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10006bcf8 (Offset: 0x6bcf8)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000bbeec (Offset: 0xbbeec)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000bc10c (Offset: 0xbc10c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000ac074 (Offset: 0xac074)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100123204 (Offset: 0x123204)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10012334c (Offset: 0x12334c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10009a914 (Offset: 0x9a914)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100082e18 (Offset: 0x82e18)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100083020 (Offset: 0x83020)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100083328 (Offset: 0x83328)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100083630 (Offset: 0x83630)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100062db8 (Offset: 0x62db8)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100036fb0 (Offset: 0x36fb0)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10011e38c (Offset: 0x11e38c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000698e0 (Offset: 0x698e0)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000699f4 (Offset: 0x699f4)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100069b10 (Offset: 0x69b10)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100069c14 (Offset: 0x69c14)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100069d70 (Offset: 0x69d70)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100069edc (Offset: 0x69edc)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x100069ff4 (Offset: 0x69ff4)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10006a10c (Offset: 0x6a10c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000412ac (Offset: 0x412ac)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000f140c (Offset: 0xf140c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10009d4a4 (Offset: 0x9d4a4)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10004158c (Offset: 0x4158c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000416ec (Offset: 0x416ec)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10004184c (Offset: 0x4184c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000419ac (Offset: 0x419ac)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10009da00 (Offset: 0x9da00)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000ac58c (Offset: 0xac58c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000ac830 (Offset: 0xac830)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000d8be4 (Offset: 0xd8be4)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000bc384 (Offset: 0xbc384)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000bc4e4 (Offset: 0xbc4e4)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10006c2c4 (Offset: 0x6c2c4)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x10006c40c (Offset: 0x6c40c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000ee698 (Offset: 0xee698)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000ee7b4 (Offset: 0xee7b4)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000eee30 (Offset: 0xeee30)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟠 High SQL Injection Risk
Description Using sqlite3_exec with direct SQL execution
Location 0x1000eef4c (Offset: 0xeef4c)
Function sqlite3_exec
Impact High risk of SQL injection if queries use string concatenation
Recommendation Use sqlite3_prepare_v2 with parameterized queries
🟡 Medium Insecure Archiving
Description Using deprecated archiver without secure coding
Location 0x1002f4bc0 (Offset: 0x2f4bc0)
Function archivedDataWithRootObject:
Impact No protection against deserialization attacks
Recommendation Use archivedDataWithRootObject:requiringSecureCoding:error: with secure coding enabled
🟡 Medium Insecure Archiving
Description Using deprecated archiver without secure coding
Location 0x1002f4cac (Offset: 0x2f4cac)
Function archivedDataWithRootObject:
Impact No protection against deserialization attacks
Recommendation Use archivedDataWithRootObject:requiringSecureCoding:error: with secure coding enabled
🟡 Medium Insecure Archiving
Description Using deprecated archiver without secure coding
Location 0x100348f30 (Offset: 0x348f30)
Function archivedDataWithRootObject:
Impact No protection against deserialization attacks
Recommendation Use archivedDataWithRootObject:requiringSecureCoding:error: with secure coding enabled
🟡 Medium Insecure Archiving
Description Using deprecated archiver without secure coding
Location 0x10036f5a8 (Offset: 0x36f5a8)
Function archivedDataWithRootObject:
Impact No protection against deserialization attacks
Recommendation Use archivedDataWithRootObject:requiringSecureCoding:error: with secure coding enabled
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100175438 (Offset: 0x175438)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100180714 (Offset: 0x180714)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10018496c (Offset: 0x18496c)
Function setBool:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1001984c4 (Offset: 0x1984c4)
Function setBool:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1001b1058 (Offset: 0x1b1058)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1001ea758 (Offset: 0x1ea758)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100206a48 (Offset: 0x206a48)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10020b554 (Offset: 0x20b554)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10020b6a4 (Offset: 0x20b6a4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100212fa8 (Offset: 0x212fa8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100226730 (Offset: 0x226730)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100226a94 (Offset: 0x226a94)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100226ac8 (Offset: 0x226ac8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100226af4 (Offset: 0x226af4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100226b3c (Offset: 0x226b3c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100226e24 (Offset: 0x226e24)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100251eac (Offset: 0x251eac)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002520a8 (Offset: 0x2520a8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002636b0 (Offset: 0x2636b0)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10027b62c (Offset: 0x27b62c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10027b6f8 (Offset: 0x27b6f8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10027b72c (Offset: 0x27b72c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002bee88 (Offset: 0x2bee88)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002cf850 (Offset: 0x2cf850)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d060c (Offset: 0x2d060c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d0a38 (Offset: 0x2d0a38)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d0af4 (Offset: 0x2d0af4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d0b24 (Offset: 0x2d0b24)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d0c04 (Offset: 0x2d0c04)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d0c50 (Offset: 0x2d0c50)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d0c74 (Offset: 0x2d0c74)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d0c94 (Offset: 0x2d0c94)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002d152c (Offset: 0x2d152c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002e8aa4 (Offset: 0x2e8aa4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002f491c (Offset: 0x2f491c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002f4950 (Offset: 0x2f4950)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002f49ac (Offset: 0x2f49ac)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002f4a40 (Offset: 0x2f4a40)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002f4f74 (Offset: 0x2f4f74)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002f50a4 (Offset: 0x2f50a4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002f51c4 (Offset: 0x2f51c4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002fa668 (Offset: 0x2fa668)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1002fa790 (Offset: 0x2fa790)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003016ec (Offset: 0x3016ec)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100301968 (Offset: 0x301968)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100301a18 (Offset: 0x301a18)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100301d78 (Offset: 0x301d78)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100301ee0 (Offset: 0x301ee0)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100302340 (Offset: 0x302340)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100302390 (Offset: 0x302390)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100302570 (Offset: 0x302570)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003031f4 (Offset: 0x3031f4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10030dd68 (Offset: 0x30dd68)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100315a18 (Offset: 0x315a18)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100315fd4 (Offset: 0x315fd4)
Function setInteger:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100315fc4 (Offset: 0x315fc4)
Function setInteger:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100318a48 (Offset: 0x318a48)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100318ae8 (Offset: 0x318ae8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100318bb0 (Offset: 0x318bb0)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100318c34 (Offset: 0x318c34)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100322838 (Offset: 0x322838)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10032ec24 (Offset: 0x32ec24)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10032ed98 (Offset: 0x32ed98)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10033039c (Offset: 0x33039c)
Function setInteger:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003306a8 (Offset: 0x3306a8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003306c8 (Offset: 0x3306c8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info File Write
Description Writing plist file to: 16552
Location 0x100330f4c (Offset: 0x330f4c)
Function writeToFile:atomically:
Evidence
  • path: 16552
Impact Plist files are unencrypted XML/binary format
Recommendation Consider encryption for sensitive data
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003374e4 (Offset: 0x3374e4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100337720 (Offset: 0x337720)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003374e8 (Offset: 0x3374e8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003375e0 (Offset: 0x3375e0)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100337554 (Offset: 0x337554)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10033766c (Offset: 0x33766c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100337724 (Offset: 0x337724)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003376f8 (Offset: 0x3376f8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100338510 (Offset: 0x338510)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100337858 (Offset: 0x337858)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10033850c (Offset: 0x33850c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10034adbc (Offset: 0x34adbc)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10034af88 (Offset: 0x34af88)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10034c3f8 (Offset: 0x34c3f8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10034c53c (Offset: 0x34c53c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10034c6f8 (Offset: 0x34c6f8)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10034c800 (Offset: 0x34c800)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10034e28c (Offset: 0x34e28c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100355c9c (Offset: 0x355c9c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035c258 (Offset: 0x35c258)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035c3dc (Offset: 0x35c3dc)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035c478 (Offset: 0x35c478)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035cbc4 (Offset: 0x35cbc4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035db64 (Offset: 0x35db64)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035f13c (Offset: 0x35f13c)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035f254 (Offset: 0x35f254)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035f7d4 (Offset: 0x35f7d4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035f984 (Offset: 0x35f984)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035f9f0 (Offset: 0x35f9f0)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035fb98 (Offset: 0x35fb98)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035fcb0 (Offset: 0x35fcb0)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x10035ff74 (Offset: 0x35ff74)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003601d4 (Offset: 0x3601d4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x1003667a4 (Offset: 0x3667a4)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
⚪ Info UserDefaults Storage
Description Storing data in NSUserDefaults (key unknown)
Location 0x100377308 (Offset: 0x377308)
Function setObject:forKey:
Impact NSUserDefaults is not suitable for sensitive data
Recommendation Verify no sensitive data is stored
SQLite Security 45H79I 124 findings
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10006b94c (Offset: 0x6b94c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10002bb34 (Offset: 0x2bb34)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10006bab8 (Offset: 0x6bab8)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10006bbe8 (Offset: 0x6bbe8)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10006bcf8 (Offset: 0x6bcf8)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000bbeec (Offset: 0xbbeec)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000bc10c (Offset: 0xbc10c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000ac074 (Offset: 0xac074)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100123204 (Offset: 0x123204)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10012334c (Offset: 0x12334c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10009a914 (Offset: 0x9a914)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100082e18 (Offset: 0x82e18)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100083020 (Offset: 0x83020)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100083328 (Offset: 0x83328)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100083630 (Offset: 0x83630)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100062db8 (Offset: 0x62db8)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100036fb0 (Offset: 0x36fb0)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10011e38c (Offset: 0x11e38c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000698e0 (Offset: 0x698e0)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000699f4 (Offset: 0x699f4)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100069b10 (Offset: 0x69b10)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100069c14 (Offset: 0x69c14)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100069d70 (Offset: 0x69d70)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100069edc (Offset: 0x69edc)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x100069ff4 (Offset: 0x69ff4)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10006a10c (Offset: 0x6a10c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000412ac (Offset: 0x412ac)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000f140c (Offset: 0xf140c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10009d4a4 (Offset: 0x9d4a4)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10004158c (Offset: 0x4158c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000416ec (Offset: 0x416ec)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10004184c (Offset: 0x4184c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000419ac (Offset: 0x419ac)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10009da00 (Offset: 0x9da00)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000ac58c (Offset: 0xac58c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000ac830 (Offset: 0xac830)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000d8be4 (Offset: 0xd8be4)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000bc384 (Offset: 0xbc384)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000bc4e4 (Offset: 0xbc4e4)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10006c2c4 (Offset: 0x6c2c4)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x10006c40c (Offset: 0x6c40c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000ee698 (Offset: 0xee698)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000ee7b4 (Offset: 0xee7b4)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000eee30 (Offset: 0xeee30)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
🟠 High SQLite Direct Execution
Description sqlite3_exec used - high risk of SQL injection if query is dynamic
Location 0x1000eef4c (Offset: 0xeef4c)
Function sqlite3_exec
Evidence
  • api: sqlite3_exec
Impact SQL injection can lead to data theft, modification, or deletion
Recommendation Use sqlite3_prepare_v2 with parameterized queries instead
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000db894 (Offset: 0xdb894)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100083aa4 (Offset: 0x83aa4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dba24 (Offset: 0xdba24)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dbbb4 (Offset: 0xdbbb4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100263dc4 (Offset: 0x263dc4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dbd44 (Offset: 0xdbd44)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dbed4 (Offset: 0xdbed4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dc064 (Offset: 0xdc064)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006b234 (Offset: 0x6b234)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10003f490 (Offset: 0x3f490)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000db3e4 (Offset: 0xdb3e4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000db574 (Offset: 0xdb574)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006b648 (Offset: 0x6b648)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000db704 (Offset: 0xdb704)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100017f10 (Offset: 0x17f10)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000de904 (Offset: 0xde904)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10008b0ac (Offset: 0x8b0ac)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006aa94 (Offset: 0x6aa94)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dea94 (Offset: 0xdea94)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100027e1c (Offset: 0x27e1c)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006ae38 (Offset: 0x6ae38)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10009eff4 (Offset: 0x9eff4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10012a1c0 (Offset: 0x12a1c0)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000de134 (Offset: 0xde134)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006a260 (Offset: 0x6a260)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000de2c4 (Offset: 0xde2c4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10012a3e4 (Offset: 0x12a3e4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000de454 (Offset: 0xde454)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1001225d8 (Offset: 0x1225d8)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006a5dc (Offset: 0x6a5dc)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000de5e4 (Offset: 0xde5e4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100016c80 (Offset: 0x16c80)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000ba960 (Offset: 0xba960)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000de774 (Offset: 0xde774)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000aea34 (Offset: 0xaea34)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10002eaa8 (Offset: 0x2eaa8)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100129930 (Offset: 0x129930)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dd964 (Offset: 0xdd964)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100025eb8 (Offset: 0x25eb8)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100026400 (Offset: 0x26400)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100129b54 (Offset: 0x129b54)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000ddaf4 (Offset: 0xddaf4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000ddc84 (Offset: 0xddc84)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100129d78 (Offset: 0x129d78)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dde14 (Offset: 0xdde14)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100129f9c (Offset: 0x129f9c)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000ddfa4 (Offset: 0xddfa4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dd194 (Offset: 0xdd194)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dd324 (Offset: 0xdd324)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100015ab0 (Offset: 0x15ab0)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1001296dc (Offset: 0x1296dc)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dd4b4 (Offset: 0xdd4b4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10008dacc (Offset: 0x8dacc)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dd644 (Offset: 0xdd644)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000b17e8 (Offset: 0xb17e8)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dd7d4 (Offset: 0xdd7d4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006c8d0 (Offset: 0x6c8d0)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dc9c4 (Offset: 0xdc9c4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dcb54 (Offset: 0xdcb54)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dcce4 (Offset: 0xdcce4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100264d64 (Offset: 0x264d64)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10020cdf8 (Offset: 0x20cdf8)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dce74 (Offset: 0xdce74)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100118fc0 (Offset: 0x118fc0)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000f4fb4 (Offset: 0xf4fb4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10012926c (Offset: 0x12926c)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dd004 (Offset: 0xdd004)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000b0254 (Offset: 0xb0254)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dc1f4 (Offset: 0xdc1f4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1002642ec (Offset: 0x2642ec)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dc384 (Offset: 0xdc384)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100265d8c (Offset: 0x265d8c)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1003644d4 (Offset: 0x3644d4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dc514 (Offset: 0xdc514)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x10006c594 (Offset: 0x6c594)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dc6a4 (Offset: 0xdc6a4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000c0bb4 (Offset: 0xc0bb4)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x1000dc834 (Offset: 0xdc834)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
⚪ Info SQLite Prepared Statement
Description sqlite3_prepare_v2 used (safer than sqlite3_exec)
Location 0x100072b7c (Offset: 0x72b7c)
Function sqlite3_prepare_v2
Evidence
  • api: sqlite3_prepare_v2
Impact Prepared statements prevent SQL injection when used correctly
Recommendation Ensure all dynamic values use sqlite3_bind_* functions
Biometric Auth 2H2I 4 findings
🟠 High Client-Side Biometric Authentication
Description LAContext.evaluatePolicy used for biometric auth - trivially bypassable
Location 0x1001601bc (Offset: 0x1601bc)
Function evaluatePolicy:localizedReason:reply:
Evidence
  • api: evaluatePolicy:localizedReason:reply:
  • bypass_methods: Frida hook, binary patch, ObjC swizzle
Impact Client-side biometric check returns a simple BOOL that can be hooked to always return true
Recommendation Bind biometric to Keychain with SecAccessControlCreateWithFlags + kSecAccessControlBiometryAny
🟠 High Client-Side Biometric Authentication
Description LAContext.evaluatePolicy used for biometric auth - trivially bypassable
Location 0x100371908 (Offset: 0x371908)
Function evaluatePolicy:localizedReason:reply:
Evidence
  • api: evaluatePolicy:localizedReason:reply:
  • bypass_methods: Frida hook, binary patch, ObjC swizzle
Impact Client-side biometric check returns a simple BOOL that can be hooked to always return true
Recommendation Bind biometric to Keychain with SecAccessControlCreateWithFlags + kSecAccessControlBiometryAny
⚪ Info Biometric Availability Check
Description Application checks biometric availability via canEvaluatePolicy
Location 0x100160064 (Offset: 0x160064)
Function canEvaluatePolicy:error:
Evidence
  • api: canEvaluatePolicy:error:
Impact Biometric authentication is available in this app
Recommendation Verify biometric is combined with Keychain access control
⚪ Info Biometric Availability Check
Description Application checks biometric availability via canEvaluatePolicy
Location 0x10036f968 (Offset: 0x36f968)
Function canEvaluatePolicy:error:
Evidence
  • api: canEvaluatePolicy:error:
Impact Biometric authentication is available in this app
Recommendation Verify biometric is combined with Keychain access control
Credential Logging 1H14M291I 306 findings
🟠 High Sensitive Data in Log
Description Potential sensitive data 'iv' found in log message
Location 0x1002b3bcc (Offset: 0x2b3bcc)
Function asl_log
Evidence
  • keyword: iv
  • context: [PLCrashReporter] Failure occured deleting live crash report: %s
Impact 'iv' related data may be leaked to device logs
Recommendation Remove sensitive data from logs or use privacy modifiers
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002b3b10 (Offset: 0x2b3b10)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002b3bcc (Offset: 0x2b3bcc)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002cb0c4 (Offset: 0x2cb0c4)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002cb708 (Offset: 0x2cb708)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002cad70 (Offset: 0x2cad70)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002cadc8 (Offset: 0x2cadc8)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002c2cb8 (Offset: 0x2c2cb8)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002cb03c (Offset: 0x2cb03c)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002b9418 (Offset: 0x2b9418)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002b9598 (Offset: 0x2b9598)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002b41bc (Offset: 0x2b41bc)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002b4260 (Offset: 0x2b4260)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1000a4368 (Offset: 0xa4368)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
🟡 Medium Deprecated ASL Logging
Description asl_log call detected - deprecated API
Location 0x1002b2e74 (Offset: 0x2b2e74)
Function asl_log
Evidence
  • api: asl_log
Impact ASL is deprecated; logs may have inconsistent behavior
Recommendation Migrate to os_log unified logging
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1001b907c (Offset: 0x1b907c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f38a4 (Offset: 0x2f38a4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f38ec (Offset: 0x2f38ec)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100210fa0 (Offset: 0x210fa0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100211004 (Offset: 0x211004)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dfad8 (Offset: 0x2dfad8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002e3b24 (Offset: 0x2e3b24)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032b928 (Offset: 0x32b928)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10012f9b4 (Offset: 0x12f9b4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031b9d8 (Offset: 0x31b9d8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033fb94 (Offset: 0x33fb94)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034b9fc (Offset: 0x34b9fc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002e7ae0 (Offset: 0x2e7ae0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f3cac (Offset: 0x2f3cac)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031bb94 (Offset: 0x31bb94)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030bbe4 (Offset: 0x30bbe4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030bc28 (Offset: 0x30bc28)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030bccc (Offset: 0x30bccc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030b324 (Offset: 0x30b324)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030b4d8 (Offset: 0x30b4d8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030b550 (Offset: 0x30b550)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032fe0c (Offset: 0x32fe0c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347c6c (Offset: 0x347c6c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347c8c (Offset: 0x347c8c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347ce8 (Offset: 0x347ce8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347d4c (Offset: 0x347d4c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347d6c (Offset: 0x347d6c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347dc0 (Offset: 0x347dc0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347e08 (Offset: 0x347e08)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347e24 (Offset: 0x347e24)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347e48 (Offset: 0x347e48)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dfe18 (Offset: 0x2dfe18)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100323ddc (Offset: 0x323ddc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100263d3c (Offset: 0x263d3c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100263e58 (Offset: 0x263e58)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100263eb0 (Offset: 0x263eb0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100264038 (Offset: 0x264038)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100264048 (Offset: 0x264048)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002efda8 (Offset: 0x2efda8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030be3c (Offset: 0x30be3c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10035bdb8 (Offset: 0x35bdb8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031be94 (Offset: 0x31be94)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10035be14 (Offset: 0x35be14)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10035be70 (Offset: 0x35be70)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002cfef8 (Offset: 0x2cfef8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100330058 (Offset: 0x330058)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003300e0 (Offset: 0x3300e0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10035bec8 (Offset: 0x35bec8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347f9c (Offset: 0x347f9c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d02dc (Offset: 0x2d02dc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030fffc (Offset: 0x30fffc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002e3ff8 (Offset: 0x2e3ff8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033412c (Offset: 0x33412c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032f188 (Offset: 0x32f188)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100327288 (Offset: 0x327288)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003272d0 (Offset: 0x3272d0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030b218 (Offset: 0x30b218)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030b270 (Offset: 0x30b270)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033f39c (Offset: 0x33f39c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030f2bc (Offset: 0x30f2bc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030f2d8 (Offset: 0x30f2d8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030f454 (Offset: 0x30f454)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030f498 (Offset: 0x30f498)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100323340 (Offset: 0x323340)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d34f4 (Offset: 0x2d34f4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d3574 (Offset: 0x2d3574)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034b3fc (Offset: 0x34b3fc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032f38c (Offset: 0x32f38c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003074e8 (Offset: 0x3074e8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031f4c8 (Offset: 0x31f4c8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100323474 (Offset: 0x323474)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100307698 (Offset: 0x307698)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d37ec (Offset: 0x2d37ec)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f3738 (Offset: 0x2f3738)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10026371c (Offset: 0x26371c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002cf9f4 (Offset: 0x2cf9f4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031b818 (Offset: 0x31b818)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034b940 (Offset: 0x34b940)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030f828 (Offset: 0x30f828)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002ceb58 (Offset: 0x2ceb58)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10019e940 (Offset: 0x19e940)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f2a84 (Offset: 0x2f2a84)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100312aac (Offset: 0x312aac)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033aa60 (Offset: 0x33aa60)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100356b58 (Offset: 0x356b58)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100356bec (Offset: 0x356bec)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100356c08 (Offset: 0x356c08)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100312be4 (Offset: 0x312be4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030adbc (Offset: 0x30adbc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033ad24 (Offset: 0x33ad24)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100262d0c (Offset: 0x262d0c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f2e38 (Offset: 0x2f2e38)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100356ce4 (Offset: 0x356ce4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100356d70 (Offset: 0x356d70)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100356d94 (Offset: 0x356d94)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033ee4c (Offset: 0x33ee4c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003070a8 (Offset: 0x3070a8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100262e38 (Offset: 0x262e38)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100262e7c (Offset: 0x262e7c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033ae94 (Offset: 0x33ae94)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002eefb4 (Offset: 0x2eefb4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100312edc (Offset: 0x312edc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100313124 (Offset: 0x313124)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1001f2ea4 (Offset: 0x1f2ea4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1001f3290 (Offset: 0x1f3290)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033f084 (Offset: 0x33f084)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032704c (Offset: 0x32704c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100327094 (Offset: 0x327094)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347a04 (Offset: 0x347a04)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347a88 (Offset: 0x347a88)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347b0c (Offset: 0x347b0c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100347b90 (Offset: 0x347b90)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034b074 (Offset: 0x34b074)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034b15c (Offset: 0x34b15c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034b1b8 (Offset: 0x34b1b8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030e158 (Offset: 0x30e158)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031a404 (Offset: 0x31a404)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033e1ec (Offset: 0x33e1ec)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a32c (Offset: 0x30a32c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033a444 (Offset: 0x33a444)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003425d4 (Offset: 0x3425d4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d6538 (Offset: 0x2d6538)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d65f0 (Offset: 0x2d65f0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032e518 (Offset: 0x32e518)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003265a0 (Offset: 0x3265a0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100316540 (Offset: 0x316540)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033a610 (Offset: 0x33a610)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100306a60 (Offset: 0x306a60)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033e794 (Offset: 0x33e794)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003166c4 (Offset: 0x3166c4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032e704 (Offset: 0x32e704)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003267b0 (Offset: 0x3267b0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031aaa0 (Offset: 0x31aaa0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003428f0 (Offset: 0x3428f0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033a860 (Offset: 0x33a860)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034596c (Offset: 0x34596c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dd830 (Offset: 0x2dd830)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dd9a8 (Offset: 0x2dd9a8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dd9ec (Offset: 0x2dd9ec)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dda74 (Offset: 0x2dda74)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002ddab8 (Offset: 0x2ddab8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002ddae8 (Offset: 0x2ddae8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100329a8c (Offset: 0x329a8c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003219f4 (Offset: 0x3219f4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100335d14 (Offset: 0x335d14)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100309b8c (Offset: 0x309b8c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033db84 (Offset: 0x33db84)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002ddc0c (Offset: 0x2ddc0c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002ddc90 (Offset: 0x2ddc90)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100329c78 (Offset: 0x329c78)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100321d04 (Offset: 0x321d04)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100321dec (Offset: 0x321dec)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030dc58 (Offset: 0x30dc58)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033dcd4 (Offset: 0x33dcd4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100311e90 (Offset: 0x311e90)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100339dd0 (Offset: 0x339dd0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100339e18 (Offset: 0x339e18)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032226c (Offset: 0x32226c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031a02c (Offset: 0x31a02c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100339ee8 (Offset: 0x339ee8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100339f30 (Offset: 0x339f30)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100335ff4 (Offset: 0x335ff4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a018 (Offset: 0x30a018)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a10c (Offset: 0x30a10c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032113c (Offset: 0x32113c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100321258 (Offset: 0x321258)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003112a0 (Offset: 0x3112a0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003491e4 (Offset: 0x3491e4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034d314 (Offset: 0x34d314)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003191d8 (Offset: 0x3191d8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100321400 (Offset: 0x321400)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032151c (Offset: 0x32151c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003113ec (Offset: 0x3113ec)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030d560 (Offset: 0x30d560)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030d618 (Offset: 0x30d618)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031df38 (Offset: 0x31df38)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003195d0 (Offset: 0x3195d0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100265614 (Offset: 0x265614)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100265698 (Offset: 0x265698)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100311604 (Offset: 0x311604)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100311678 (Offset: 0x311678)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dd6a0 (Offset: 0x2dd6a0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003358a4 (Offset: 0x3358a4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003457d0 (Offset: 0x3457d0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dd758 (Offset: 0x2dd758)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002fd7e8 (Offset: 0x2fd7e8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002657e8 (Offset: 0x2657e8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033d8ac (Offset: 0x33d8ac)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033d8f4 (Offset: 0x33d8f4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033d9c0 (Offset: 0x33d9c0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033da10 (Offset: 0x33da10)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033dad0 (Offset: 0x33dad0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dd7d8 (Offset: 0x2dd7d8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100348980 (Offset: 0x348980)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003489c0 (Offset: 0x3489c0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10013496c (Offset: 0x13496c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002cca80 (Offset: 0x2cca80)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100334aa8 (Offset: 0x334aa8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100334afc (Offset: 0x334afc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034ca1c (Offset: 0x34ca1c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100348b38 (Offset: 0x348b38)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100348b78 (Offset: 0x348b78)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034cac0 (Offset: 0x34cac0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031cbcc (Offset: 0x31cbcc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030cf04 (Offset: 0x30cf04)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030cf44 (Offset: 0x30cf44)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100334c88 (Offset: 0x334c88)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310c54 (Offset: 0x310c54)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002cccd4 (Offset: 0x2cccd4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031cde8 (Offset: 0x31cde8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002fcf08 (Offset: 0x2fcf08)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dd2d4 (Offset: 0x2dd2d4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310e28 (Offset: 0x310e28)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d0f20 (Offset: 0x2d0f20)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310ebc (Offset: 0x310ebc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100349008 (Offset: 0x349008)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1000f0f20 (Offset: 0xf0f20)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1000f0f48 (Offset: 0xf0f48)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1000f116c (Offset: 0xf116c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003110bc (Offset: 0x3110bc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d1094 (Offset: 0x2d1094)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002fd188 (Offset: 0x2fd188)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d411c (Offset: 0x2d411c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310100 (Offset: 0x310100)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100300190 (Offset: 0x300190)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100330254 (Offset: 0x330254)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031022c (Offset: 0x31022c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034824c (Offset: 0x34824c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003482c8 (Offset: 0x3482c8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100348368 (Offset: 0x348368)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003483a4 (Offset: 0x3483a4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031c2bc (Offset: 0x31c2bc)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100211a90 (Offset: 0x211a90)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100334258 (Offset: 0x334258)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d42c4 (Offset: 0x2d42c4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100264264 (Offset: 0x264264)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100264340 (Offset: 0x264340)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100264350 (Offset: 0x264350)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002644d4 (Offset: 0x2644d4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100264584 (Offset: 0x264584)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10026463c (Offset: 0x26463c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10026464c (Offset: 0x26464c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1001bc33c (Offset: 0x1bc33c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310354 (Offset: 0x310354)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002cc3e4 (Offset: 0x2cc3e4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031c4c4 (Offset: 0x31c4c4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310448 (Offset: 0x310448)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100134598 (Offset: 0x134598)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100134650 (Offset: 0x134650)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002e4668 (Offset: 0x2e4668)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100330764 (Offset: 0x330764)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310544 (Offset: 0x310544)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003485f4 (Offset: 0x3485f4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100348670 (Offset: 0x348670)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100348710 (Offset: 0x348710)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034874c (Offset: 0x34874c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002d0cac (Offset: 0x2d0cac)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f45f0 (Offset: 0x2f45f0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003406c4 (Offset: 0x3406c4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031c6c0 (Offset: 0x31c6c0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100310750 (Offset: 0x310750)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030469c (Offset: 0x30469c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002dcbb8 (Offset: 0x2dcbb8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003287a0 (Offset: 0x3287a0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100304814 (Offset: 0x304814)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10013485c (Offset: 0x13485c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003109ac (Offset: 0x3109ac)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100334920 (Offset: 0x334920)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1003408c8 (Offset: 0x3408c8)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002e4a14 (Offset: 0x2e4a14)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10020cf7c (Offset: 0x20cf7c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030b0a0 (Offset: 0x30b0a0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100262d64 (Offset: 0x262d64)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100304404 (Offset: 0x304404)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a1a4 (Offset: 0x30a1a4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a49c (Offset: 0x30a49c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a570 (Offset: 0x30a570)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a618 (Offset: 0x30a618)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10030a6c0 (Offset: 0x30a6c0)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031f520 (Offset: 0x31f520)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100320f6c (Offset: 0x320f6c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032a9e4 (Offset: 0x32a9e4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10033a924 (Offset: 0x33a924)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10034d528 (Offset: 0x34d528)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10019ed7c (Offset: 0x19ed7c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002ce904 (Offset: 0x2ce904)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002e3448 (Offset: 0x2e3448)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x1002f31b4 (Offset: 0x2f31b4)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10031c784 (Offset: 0x31c784)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x10032866c (Offset: 0x32866c)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
⚪ Info NSLog in Production
Description NSLog call detected - logs are visible in device console
Location 0x100346d70 (Offset: 0x346d70)
Function NSLog
Evidence
  • api: NSLog
Impact NSLog output can be read by any app or attacker with device access
Recommendation Use os_log with privacy modifiers or remove in production builds
Anti-Debug 1H13M34L 48 findings
🟠 High Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x10011e07c (Offset: 0x11e07c)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
  • caller: _disable_gdb
  • caller_context: GDB/debugger disabling function
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook ptrace in '_disable_gdb' and return 0 to prevent debugger denial; alternatively NOP the call instruction
🟡 Medium Anti-Injection: _dyld_get_image_name
Description _dyld_get_image_name call detected (enumerates loaded library paths)
Location 0x10011e0e8 (Offset: 0x11e0e8)
Function _dyld_get_image_name
Evidence
  • technique: Loaded library path enumeration
  • detects: Frida, Cydia Substrate, injected dylibs
  • caller: _detect_injected_dylds
  • caller_context: Injected dylib detection
Impact Can detect injected libraries by checking image paths for known hooking frameworks
Recommendation Hook _dyld_image_count/_dyld_get_image_name to hide injected libraries, or hook '_detect_injected_dylds' to return false/0
🟡 Medium Anti-Injection: _dyld_image_count
Description _dyld_image_count call detected (counts loaded images)
Location 0x10011e0bc (Offset: 0x11e0bc)
Function _dyld_image_count
Evidence
  • technique: Loaded image count check
  • note: Typically used with _dyld_get_image_name to enumerate libraries
  • caller: _detect_injected_dylds
  • caller_context: Injected dylib detection
Impact Can detect unexpected libraries by monitoring loaded image count
Recommendation Hook _dyld_image_count/_dyld_get_image_name to hide injected libraries, or hook '_detect_injected_dylds' to return false/0
🟡 Medium Anti-Debug: sysctl
Description sysctl call detected checking P_TRACED flag
Location 0x1002caac0 (Offset: 0x2caac0)
Function sysctl
Evidence
  • technique: kinfo_proc P_TRACED flag check
  • mib_pattern: {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid}
  • mib_len: 4
Impact Can detect if process is being traced by a debugger
Recommendation Hook sysctl to clear P_TRACED flag (0x800) in response
🟡 Medium Anti-Debug: sysctl
Description sysctl call detected checking P_TRACED flag
Location 0x100305ae8 (Offset: 0x305ae8)
Function sysctl
Evidence
  • technique: kinfo_proc P_TRACED flag check
  • mib_pattern: {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid}
  • mib_len: 4
Impact Can detect if process is being traced by a debugger
Recommendation Hook sysctl to clear P_TRACED flag (0x800) in response
🟡 Medium Anti-Debug: sysctl
Description sysctl call detected checking P_TRACED flag
Location 0x10011e218 (Offset: 0x11e218)
Function sysctl
Evidence
  • technique: kinfo_proc P_TRACED flag check
  • mib_pattern: {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid}
  • mib_len: 4
  • caller: _isDebugged
  • caller_context: Debugger detection function
Impact Can detect if process is being traced by a debugger
Recommendation Hook '_isDebugged' to always return false/0 to bypass debugger detection; or hook sysctl to return benign values
🟡 Medium Anti-Debug: Defensive exit
Description exit call detected (possible defensive termination after tampering detection)
Location 0x10011e178 (Offset: 0x11e178)
Function exit
Evidence
  • technique: Defensive process termination
  • function: exit
  • exit_code: 0
  • caller: _detect_injected_dylds
  • caller_context: Injected dylib detection
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook _dyld_image_count/_dyld_get_image_name to hide injected libraries, or hook '_detect_injected_dylds' to return false/0
🟡 Medium Anti-Debug: Exception Ports
Description task_get_exception_ports call detected (debugger handler check)
Location 0x1002cae44 (Offset: 0x2cae44)
Function task_get_exception_ports
Evidence
  • technique: Exception handler enumeration
  • target: mach_task_self() or target task
Impact Debuggers register exception handlers - checking ports reveals them
Recommendation Hook to return empty exception port list
🟡 Medium Anti-Injection: task_info
Description task_info call detected (may enumerate loaded libraries via TASK_DYLD_INFO)
Location 0x1003478a0 (Offset: 0x3478a0)
Function task_info
Evidence
  • technique: Mach task library enumeration
  • detects: Injected dylibs, hooking frameworks
Impact TASK_DYLD_INFO can enumerate all loaded libraries to detect injection
Recommendation Hook task_info to filter injected libraries from results
🟡 Medium Anti-Injection: task_info
Description task_info call detected (may enumerate loaded libraries via TASK_DYLD_INFO)
Location 0x100305fa4 (Offset: 0x305fa4)
Function task_info
Evidence
  • technique: Mach task library enumeration
  • detects: Injected dylibs, hooking frameworks
Impact TASK_DYLD_INFO can enumerate all loaded libraries to detect injection
Recommendation Hook task_info to filter injected libraries from results
🟡 Medium Anti-Injection: task_info
Description task_info call detected (may enumerate loaded libraries via TASK_DYLD_INFO)
Location 0x10030c928 (Offset: 0x30c928)
Function task_info
Evidence
  • technique: Mach task library enumeration
  • detects: Injected dylibs, hooking frameworks
Impact TASK_DYLD_INFO can enumerate all loaded libraries to detect injection
Recommendation Hook task_info to filter injected libraries from results
🟡 Medium Anti-Injection: task_info
Description task_info call detected (may enumerate loaded libraries via TASK_DYLD_INFO)
Location 0x1000f0ed8 (Offset: 0xf0ed8)
Function task_info
Evidence
  • technique: Mach task library enumeration
  • detects: Injected dylibs, hooking frameworks
Impact TASK_DYLD_INFO can enumerate all loaded libraries to detect injection
Recommendation Hook task_info to filter injected libraries from results
🟡 Medium Anti-Injection: task_info
Description task_info call detected (may enumerate loaded libraries via TASK_DYLD_INFO)
Location 0x100306058 (Offset: 0x306058)
Function task_info
Evidence
  • technique: Mach task library enumeration
  • detects: Injected dylibs, hooking frameworks
Impact TASK_DYLD_INFO can enumerate all loaded libraries to detect injection
Recommendation Hook task_info to filter injected libraries from results
🟡 Medium Anti-Injection: task_info
Description task_info call detected (may enumerate loaded libraries via TASK_DYLD_INFO)
Location 0x100305c70 (Offset: 0x305c70)
Function task_info
Evidence
  • technique: Mach task library enumeration
  • detects: Injected dylibs, hooking frameworks
Impact TASK_DYLD_INFO can enumerate all loaded libraries to detect injection
Recommendation Hook task_info to filter injected libraries from results
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x100278f2c (Offset: 0x278f2c)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x1002790d8 (Offset: 0x2790d8)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x100279320 (Offset: 0x279320)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Hook: dladdr
Description dladdr call detected (validates caller address or detects function hooking)
Location 0x1002b2e34 (Offset: 0x2b2e34)
Function dladdr
Evidence
  • technique: Address-to-symbol resolution
  • detects: Function hooks, injected code, unexpected callers
Impact Can detect if functions have been hooked by checking if return addresses are in expected libraries
Recommendation Hook dladdr to return expected Dl_info values
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x1003693e4 (Offset: 0x3693e4)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x10036973c (Offset: 0x36973c)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100369834 (Offset: 0x369834)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100369864 (Offset: 0x369864)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100369990 (Offset: 0x369990)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x1003699c0 (Offset: 0x3699c0)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x1003688c8 (Offset: 0x3688c8)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x1003688e0 (Offset: 0x3688e0)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x1003688f8 (Offset: 0x3688f8)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x10036890c (Offset: 0x36890c)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100368928 (Offset: 0x368928)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100368940 (Offset: 0x368940)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100368958 (Offset: 0x368958)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100368970 (Offset: 0x368970)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x100368988 (Offset: 0x368988)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: dlsym
Description dlsym call detected (dynamic symbol resolution, may resolve anti-debug APIs at runtime)
Location 0x1003689a0 (Offset: 0x3689a0)
Function dlsym
Evidence
  • technique: Dynamic symbol resolution
  • note: May resolve ptrace, sysctl, or other anti-debug functions to evade static analysis
Impact Can dynamically resolve security-sensitive functions to bypass static analysis detection
Recommendation Hook dlsym to monitor which symbols are being resolved
🔵 Low Anti-Debug: Defensive exit
Description exit call detected (possible defensive termination after tampering detection)
Location 0x10015716c (Offset: 0x15716c)
Function exit
Evidence
  • technique: Defensive process termination
  • function: exit
  • exit_code: 4294967295
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook exit to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive exit
Description exit call detected (possible defensive termination after tampering detection)
Location 0x100141cb8 (Offset: 0x141cb8)
Function exit
Evidence
  • technique: Defensive process termination
  • function: exit
  • exit_code: 0
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook exit to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive exit
Description exit call detected (possible defensive termination after tampering detection)
Location 0x100144818 (Offset: 0x144818)
Function exit
Evidence
  • technique: Defensive process termination
  • function: exit
  • exit_code: 0
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook exit to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive exit
Description exit call detected (possible defensive termination after tampering detection)
Location 0x1002dbd28 (Offset: 0x2dbd28)
Function exit
Evidence
  • technique: Defensive process termination
  • function: exit
  • exit_code: 0
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook exit to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x1002110d8 (Offset: 0x2110d8)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x1002c379c (Offset: 0x2c379c)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x1002b2c7c (Offset: 0x2b2c7c)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x100211158 (Offset: 0x211158)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x100233090 (Offset: 0x233090)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x100169040 (Offset: 0x169040)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x10020ac98 (Offset: 0x20ac98)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x1002b4884 (Offset: 0x2b4884)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x1003693c4 (Offset: 0x3693c4)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
🔵 Low Anti-Debug: Defensive abort
Description abort call detected (possible defensive termination after tampering detection)
Location 0x1003694e8 (Offset: 0x3694e8)
Function abort
Evidence
  • technique: Defensive process termination
  • function: abort
  • exit_code: unknown
Impact May terminate the process when debugging or tampering is detected
Recommendation Hook abort to prevent termination; investigate caller for detection logic
WebView Security 1H1M 2 findings
🟠 High XSS via User Input in loadHTMLString
Description loadHTMLString:baseURL: caller also references user input (UITextField/UITextView) — XSS likely
Location 0x10016be94 (Offset: 0x16be94)
Function loadHTMLString:baseURL:
Evidence
  • method: loadHTMLString:baseURL:
  • baseURL: unknown
  • taint_source: UITextField/UITextView reference in caller
Impact User input flows to WebView HTML rendering without sanitization — attacker can inject JavaScript via text fields
Recommendation Sanitize all user input before HTML rendering; use textContent instead of innerHTML equivalents
🟡 Medium WebView Load Request
Description WebView loading URL request via loadRequest:
Location 0x100151cfc (Offset: 0x151cfc)
Function loadRequest:
Evidence
  • method: loadRequest:
Impact WebView loading external content - verify HTTPS and content validation
Recommendation Use HTTPS for all loaded URLs and implement WKNavigationDelegate
IPC Security 52M4L 56 findings
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001b3ec8 (Offset: 0x1b3ec8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001cb28c (Offset: 0x1cb28c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001cb2d0 (Offset: 0x1cb2d0)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001e58a4 (Offset: 0x1e58a4)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001e80a8 (Offset: 0x1e80a8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001e80e8 (Offset: 0x1e80e8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001ec220 (Offset: 0x1ec220)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001ec288 (Offset: 0x1ec288)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1001ffee8 (Offset: 0x1ffee8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100204d00 (Offset: 0x204d00)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10020d4ec (Offset: 0x20d4ec)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100214eb0 (Offset: 0x214eb0)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100214ef0 (Offset: 0x214ef0)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10021d97c (Offset: 0x21d97c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10021d9b8 (Offset: 0x21d9b8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10021d9f4 (Offset: 0x21d9f4)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10021da40 (Offset: 0x21da40)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100281720 (Offset: 0x281720)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100281760 (Offset: 0x281760)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002847c0 (Offset: 0x2847c0)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10028c564 (Offset: 0x28c564)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10029171c (Offset: 0x29171c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100291edc (Offset: 0x291edc)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100291f1c (Offset: 0x291f1c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100298dd8 (Offset: 0x298dd8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002cdf98 (Offset: 0x2cdf98)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002d9ca8 (Offset: 0x2d9ca8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002d9cfc (Offset: 0x2d9cfc)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002e2c2c (Offset: 0x2e2c2c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002f1150 (Offset: 0x2f1150)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002f1194 (Offset: 0x2f1194)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1002f4420 (Offset: 0x2f4420)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100305884 (Offset: 0x305884)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10030f510 (Offset: 0x30f510)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10030f554 (Offset: 0x30f554)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10030f598 (Offset: 0x30f598)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10030f5dc (Offset: 0x30f5dc)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10030f62c (Offset: 0x30f62c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1003179bc (Offset: 0x3179bc)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1003179fc (Offset: 0x3179fc)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100327e7c (Offset: 0x327e7c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10032b7fc (Offset: 0x32b7fc)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x1003319bc (Offset: 0x3319bc)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100331a00 (Offset: 0x331a00)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100331a44 (Offset: 0x331a44)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100331a88 (Offset: 0x331a88)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x100342f28 (Offset: 0x342f28)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10034d234 (Offset: 0x34d234)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10034f0ec (Offset: 0x34f0ec)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10035b34c (Offset: 0x35b34c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10035b38c (Offset: 0x35b38c)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🟡 Medium NSDistributedNotificationCenter Observer
Description Subscribing to distributed notifications: addObserver:selector:name:object:
Location 0x10036f2a8 (Offset: 0x36f2a8)
Function addObserver:selector:name:object:
Evidence
  • api: addObserver:selector:name:object:
Impact NSDistributedNotificationCenter delivers notifications cross-process with no sender authentication. Any app on the system can post a notification that triggers the registered handler, potentially with attacker-controlled userInfo data.
Recommendation Treat all incoming notification userInfo as untrusted. Validate types and values before acting on them. Do not use distributed notifications to trigger security-sensitive actions.
🔵 Low NSDistributedNotificationCenter Post
Description Posting distributed notification: postNotificationName:object:userInfo:
Location 0x1001e06f4 (Offset: 0x1e06f4)
Function postNotificationName:object:userInfo:
Evidence
  • api: postNotificationName:object:userInfo:
Impact Distributed notifications broadcast data to all listening processes. Sensitive data included in userInfo is visible to every app on the system.
Recommendation Never include sensitive data (tokens, credentials, PII) in distributed notification userInfo dictionaries.
🔵 Low NSDistributedNotificationCenter Post
Description Posting distributed notification: postNotificationName:object:userInfo:
Location 0x10021ea88 (Offset: 0x21ea88)
Function postNotificationName:object:userInfo:
Evidence
  • api: postNotificationName:object:userInfo:
Impact Distributed notifications broadcast data to all listening processes. Sensitive data included in userInfo is visible to every app on the system.
Recommendation Never include sensitive data (tokens, credentials, PII) in distributed notification userInfo dictionaries.
🔵 Low NSDistributedNotificationCenter Post
Description Posting distributed notification: postNotificationName:object:userInfo:
Location 0x10021ed4c (Offset: 0x21ed4c)
Function postNotificationName:object:userInfo:
Evidence
  • api: postNotificationName:object:userInfo:
Impact Distributed notifications broadcast data to all listening processes. Sensitive data included in userInfo is visible to every app on the system.
Recommendation Never include sensitive data (tokens, credentials, PII) in distributed notification userInfo dictionaries.
🔵 Low NSDistributedNotificationCenter Post
Description Posting distributed notification: postNotificationName:object:userInfo:
Location 0x1003753e8 (Offset: 0x3753e8)
Function postNotificationName:object:userInfo:
Evidence
  • api: postNotificationName:object:userInfo:
Impact Distributed notifications broadcast data to all listening processes. Sensitive data included in userInfo is visible to every app on the system.
Recommendation Never include sensitive data (tokens, credentials, PII) in distributed notification userInfo dictionaries.
Obfuscated Secrets 38M 38 findings
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064900 (Offset: 0x64900)
Function decryptData:withSettings:password:error:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064a34 (Offset: 0x64a34)
Function ___55+[RNDecryptor_decryptData:withSettings:password:error:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064aa4 (Offset: 0x64aa4)
Function decryptData:withSettings:encryptionKey:HMACKey:error:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064c00 (Offset: 0x64c00)
Function ___68+[RNDecryptor_decryptData:withSettings:encryptionKey:HMACKey:error:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064c70 (Offset: 0x64c70)
Function decryptData:withPassword:error:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064d4c (Offset: 0x64d4c)
Function ___46+[RNDecryptor_decryptData:withPassword:error:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064dbc (Offset: 0x64dbc)
Function decryptData:withEncryptionKey:HMACKey:error:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064ec0 (Offset: 0x64ec0)
Function ___59+[RNDecryptor_decryptData:withEncryptionKey:HMACKey:error:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100064f30 (Offset: 0x64f30)
Function initWithEncryptionKey:HMACKey:handler:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000650b0 (Offset: 0x650b0)
Function initWithPassword:handler:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x10006525c (Offset: 0x6525c)
Function inData
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000652e8 (Offset: 0x652e8)
Function decryptData:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000653e0 (Offset: 0x653e0)
Function ___27-[RNDecryptor_decryptData:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100065624 (Offset: 0x65624)
Function ___27-[RNDecryptor_decryptData:]_block_invoke_2
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000656b0 (Offset: 0x656b0)
Function addData:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000658d4 (Offset: 0x658d4)
Function updateOptionsForPreamble:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100065a78 (Offset: 0x65a78)
Function consumeHeaderFromData:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000663a8 (Offset: 0x663a8)
Function finish
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x10006646c (Offset: 0x6646c)
Function ___21-[RNDecryptor_finish]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x10006673c (Offset: 0x6673c)
Function encryptionKey
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100066760 (Offset: 0x66760)
Function setEncryptionKey:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x10006679c (Offset: 0x6679c)
Function HMACKey
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000667c0 (Offset: 0x667c0)
Function setHMACKey:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000667fc (Offset: 0x667fc)
Function password
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100066820 (Offset: 0x66820)
Function setPassword:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x10006685c (Offset: 0x6685c)
Function settings
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000668a0 (Offset: 0x668a0)
Function setSettings:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1000668e8 (Offset: 0x668e8)
Function hasV1HMAC
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x100066914 (Offset: 0x66914)
Function setHasV1HMAC:
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x10006694c (Offset: 0x6694c)
Function .cxx_destruct
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNEncryptor
Location 0x1001978e8 (Offset: 0x1978e8)
Function _$s7DVIA_v239BrokenCryptographyDetailsViewControllerC21textFieldShouldReturnySbSo06UITextI0CF
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNEncryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling RNDecryptor
Location 0x1001978e8 (Offset: 0x1978e8)
Function _$s7DVIA_v239BrokenCryptographyDetailsViewControllerC21textFieldShouldReturnySbSo06UITextI0CF
Evidence
  • decode_type: decrypt
  • decode_pattern: Decrypt
  • sink: RNDecryptor
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling CCCrypt
Location 0x10020ef2c (Offset: 0x20ef2c)
Function decryptData:
Evidence
  • decode_type: decrypt
  • decode_pattern: decrypt
  • sink: CCCrypt
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling SymmetricKey
Location 0x10020ef2c (Offset: 0x20ef2c)
Function decryptData:
Evidence
  • decode_type: decrypt
  • decode_pattern: decrypt
  • sink: SymmetricKey
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling SymmetricKey
Location 0x10020f09c (Offset: 0x20f09c)
Function decryptStream:
Evidence
  • decode_type: decrypt
  • decode_pattern: decrypt
  • sink: SymmetricKey
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling CCCrypt
Location 0x10020f200 (Offset: 0x20f200)
Function ___33-[CBLSymmetricKey_decryptStream:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: decrypt
  • sink: CCCrypt
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling CCCryptorCreate
Location 0x10020f200 (Offset: 0x20f200)
Function ___33-[CBLSymmetricKey_decryptStream:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: decrypt
  • sink: CCCryptorCreate
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
🟡 Medium Decode Pattern Near Sensitive Sink
Description DECRYPT decode pattern found in function calling SymmetricKey
Location 0x10020f200 (Offset: 0x20f200)
Function ___33-[CBLSymmetricKey_decryptStream:]_block_invoke
Evidence
  • decode_type: decrypt
  • decode_pattern: decrypt
  • sink: SymmetricKey
  • detection_method: decompiler_pattern_proximity
Impact Decode/deobfuscation operation in same function as sensitive sink — manual review needed to confirm data flow
Recommendation Inspect decompiled code to determine if decoded value reaches the sink parameter
Runtime Security 11M 11 findings
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x1001bf5d4 (Offset: 0x1bf5d4)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: continueAsyncLoginWithURL:continuation:
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description caseInsensitiveCompare: called in authentication function (parameters unresolved)
Location 0x1001bfa50 (Offset: 0x1bfa50)
Function caseInsensitiveCompare:
Evidence
  • comparison_method: caseInsensitiveCompare:
  • caller: ___69-[CBLOpenIDConnectAuthorizer_continueAsyncLoginWithURL:continuation:]_bl...
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x10022bad4 (Offset: 0x22bad4)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: verifyDigest:
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x10023f840 (Offset: 0x23f840)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: checkAuthentication:user:
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x100241848 (Offset: 0x241848)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: credentialForAuthHeader:
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x100241874 (Offset: 0x241874)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: credentialForAuthHeader:
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x10027a8f8 (Offset: 0x27a8f8)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: isAuthenticated
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x10027a954 (Offset: 0x27a954)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: isAuthenticated
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x10027a958 (Offset: 0x27a958)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: isAuthenticated
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x10027aaa4 (Offset: 0x27aaa4)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: isAuthenticated
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
🟡 Medium Client-Side Authentication Check
Description isEqualToString: called in authentication function (parameters unresolved)
Location 0x10027aef8 (Offset: 0x27aef8)
Function isEqualToString:
Evidence
  • comparison_method: isEqualToString:
  • caller: isAuthenticated
  • note: String comparison in auth context — likely comparing against hardcoded or locally-stored credential
Impact Client-side authentication can be bypassed by hooking the comparison method to always return true
Recommendation Implement server-side authentication; client should only send credentials, not validate them locally
Keychain Storage 8M 8 findings
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x1001141bc (Offset: 0x1141bc)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x10020ea58 (Offset: 0x20ea58)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x1001a7aa8 (Offset: 0x1a7aa8)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x1002f50dc (Offset: 0x2f50dc)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x100318b04 (Offset: 0x318b04)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x1002f4fac (Offset: 0x2f4fac)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x1001c04d4 (Offset: 0x1c04d4)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
🟡 Medium Missing Keychain Accessibility Attribute
Description Keychain item stored without explicit accessibility level
Location 0x1001c0534 (Offset: 0x1c0534)
Function SecItemAdd
Evidence
  • kSecAttrAccessible: not set (defaults to kSecAttrAccessibleWhenUnlocked)
Impact Developer may be unaware of keychain protection levels, using defaults
Recommendation Explicitly set kSecAttrAccessible to an appropriate protection level
Pasteboard 2M 2 findings
🟡 Medium Data Written to Pasteboard
Description Data written to pasteboard via setItems:
Location 0x100162f44 (Offset: 0x162f44)
Function setItems:
Evidence
  • api: setItems:
Impact Data written to the general pasteboard is readable by any app on the device.
Recommendation Confirm that written content is not sensitive. Use UIPasteboardOptionLocalOnly and UIPasteboardOptionExpirationDate to limit exposure when writing to the general pasteboard.
🟡 Medium Data Written to Pasteboard
Description Data written to pasteboard via setString:
Location 0x1001d9f28 (Offset: 0x1d9f28)
Function setString:
Evidence
  • api: setString:
Impact Data written to the general pasteboard is readable by any app on the device.
Recommendation Confirm that written content is not sensitive. Use UIPasteboardOptionLocalOnly and UIPasteboardOptionExpirationDate to limit exposure when writing to the general pasteboard.
Network Security 4I 4 findings
⚪ Info Certificate Trust Evaluation
Description SecTrust certificate validation detected
Location 0x1001c3d38 (Offset: 0x1c3d38)
Function SecTrustEvaluate
Evidence
  • api: SecTrustEvaluate
Impact Certificate validation is a critical security control
Recommendation Verify the result is properly checked (not ignored)
⚪ Info Certificate Trust Evaluation
Description SecTrust certificate validation detected
Location 0x1001dbafc (Offset: 0x1dbafc)
Function SecTrustEvaluate
Evidence
  • api: SecTrustEvaluate
Impact Certificate validation is a critical security control
Recommendation Verify the result is properly checked (not ignored)
⚪ Info Certificate Trust Evaluation
Description SecTrust certificate validation detected
Location 0x1001dba20 (Offset: 0x1dba20)
Function SecTrustEvaluate
Evidence
  • api: SecTrustEvaluate
Impact Certificate validation is a critical security control
Recommendation Verify the result is properly checked (not ignored)
⚪ Info SSL Handshake
Description SSLHandshake API usage detected
Location 0x1002a9d80 (Offset: 0x2a9d80)
Function SSLHandshake
Evidence
  • api: SSLHandshake
Impact Custom SSL implementation
Recommendation Verify proper error handling and certificate validation
Jailbreak Detection 2I 2 findings
⚪ Info Jailbreak Detection — Caller Heuristic
Description dlopen called from jailbreak detection function (parameters unresolved)
Location 0x10011e068 (Offset: 0x11e068)
Function dlopen
Evidence
  • api: dlopen
  • technique: Dynamic library enumeration
  • caller: _disable_gdb
  • note: Parameter values could not be extracted; caller name indicates jailbreak detection context
Impact Application is performing jailbreak detection checks
Recommendation Hook dlopen in Frida to inspect runtime parameters and verify jailbreak detection behavior
⚪ Info Jailbreak Detection — Caller Heuristic
Description _dyld_image_count called from jailbreak detection function (parameters unresolved)
Location 0x10011e0bc (Offset: 0x11e0bc)
Function _dyld_image_count
Evidence
  • api: _dyld_image_count
  • technique: Dynamic library enumeration
  • caller: _detect_injected_dylds
  • note: Parameter values could not be extracted; caller name indicates jailbreak detection context
Impact Application is performing jailbreak detection checks
Recommendation Hook _dyld_image_count in Frida to inspect runtime parameters and verify jailbreak detection behavior
Obfuscation 1I 1 finding
⚪ Info Obfuscation: Hex Decode
Description Hex string decoding detected
Location 0x1002d4ccc (Offset: 0x2d4ccc)
Function installationIDAsBytes
Evidence
  • function: dataFromHexString:
Impact May be used to hide binary data or keys
Recommendation Inspect input string for hidden keys or sensitive data
URL Handlers 233 items

Handlers

TypeNameAddressConfidence
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaMa0x1001538f0high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaABSHSCWl0x100153990high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyas21_ObjectiveCBridgeableSCsACP09_bridgeToE1C01_E5CTypeQzyFTW0x100153edchigh
swiftui_$sSo30UIApplicationOpenURLOptionsKeyas21_ObjectiveCBridgeableSCsACP016_forceBridgeFromE1C_6resulty01_E5CTypeQz_xSgztFZTW0x100153f14high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyas21_ObjectiveCBridgeableSCsACP024_conditionallyBridgeFromE1C_6resultSb01_E5CTypeQz_xSgztFZTW0x100153f5chigh
swiftui_$sSo30UIApplicationOpenURLOptionsKeyas21_ObjectiveCBridgeableSCsACP026_unconditionallyBridgeFromE1Cyx01_E5CTypeQzSgFZTW0x100153fa8high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaSHSCSH9hashValueSivgTW0x100153ff0high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaSHSCSH4hash4intoys6HasherVz_tFTW0x10015402chigh
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaSHSCSH13_rawHashValue4seedS2i_tFTW0x100154070high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaSQSCSQ2eeoiySbx_xtFZTW0x1001542d4high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaSYSCSY8rawValuexSg03RawF0Qz_tcfCTW0x1001544c4high
swiftui_$sSo30UIApplicationOpenURLOptionsKeya8rawValueABSS_tcfC0x1001544f8high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaSYSCSY8rawValue03RawF0QzvgTW0x100154560high
swiftui_$sSo30UIApplicationOpenURLOptionsKeya8rawValueSSvg0x100154590high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyas35_HasCustomAnyHashableRepresentationSCsACP03_tofgH0s0gH0VSgyFTW0x1001545dchigh
swiftui_$sSo30UIApplicationOpenURLOptionsKeyas20_SwiftNewtypeWrapperSCSYWb0x100154624high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaABSYSCWl0x100154638high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyas20_SwiftNewtypeWrapperSCs35_HasCustomAnyHashableRepresentationPWb0x1001546a8high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaABs35_HasCustomAnyHashableRepresentationSCWl0x1001546bchigh
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaSHSCSQWb0x10015472chigh
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaABSQSCWl0x100154740high
swiftui_$sSo30UIApplicationOpenURLOptionsKeyaABs20_SwiftNewtypeWrapperSCWl0x1001547b0high
swiftui_$s7DVIA_v211AppDelegateC11application_4open7optionsSbSo13UIApplicationC_10Foundation3URLVSDySo0H17OpenURLOptionsKeyaypGtFfA1_0x100152930medium
swiftui_$s7DVIA_v211AppDelegateC11application_4open7optionsSbSo13UIApplicationC_10Foundation3URLVSDySo0H17OpenURLOptionsKeyaypGtF0x100152998medium
swiftuiapplication:openURL:options:0x100152f94medium
custom_$s7DVIA_v2041SecurityDecisionsViewUntrustedInputDetailE10ControllerC21URLSchemeButtonTappedyyypF0x10016fa1cmedium
customURLSchemeButtonTapped:0x10016fa7cmedium
customwithSessionDeeplink:0x1002e374cmedium
customoriginDeeplink0x1002e3dd4medium
customsetOriginDeeplink:0x1002e3ddcmedium
customaddSessionOrigin:withDeepLink:0x100310010medium
customsetSessionOrigin:deeplink:0x10031176cmedium
customsetOrigin:withDeepLink:0x10031b468medium
custom___52-[FlurrySessionOriginSource_setOrigin:withDeepLink:]_block_invoke0x10031b52cmedium
customonqueue_setOrigin:withDeepLink:0x10031b544medium
custominitWithOrigin:deeplink:0x1003297d8medium
customsessionOriginWithOrigin:deeplink:0x100329880medium
customdeeplink0x100329cd0medium
customsetDeeplink:0x100329ce0medium
swiftui_objc_msgSend$canOpenURL:0x10036f984medium
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyas21_ObjectiveCBridgeableSCsACP09_bridgeToF1C01_F5CTypeQzyFTW0x100172380low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyas21_ObjectiveCBridgeableSCsACP016_forceBridgeFromF1C_6resulty01_F5CTypeQz_xSgztFZTW0x1001723b8low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyas21_ObjectiveCBridgeableSCsACP024_conditionallyBridgeFromF1C_6resultSb01_F5CTypeQz_xSgztFZTW0x100172400low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyas21_ObjectiveCBridgeableSCsACP026_unconditionallyBridgeFromF1Cyx01_F5CTypeQzSgFZTW0x10017244clow
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaSHSCSH9hashValueSivgTW0x100172494low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaSHSCSH4hash4intoys6HasherVz_tFTW0x1001724d0low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaSHSCSH13_rawHashValue4seedS2i_tFTW0x100172514low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaSQSCSQ2eeoiySbx_xtFZTW0x100172558low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaSYSCSY8rawValuexSg03RawG0Qz_tcfCTW0x1001725a0low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeya8rawValueABSS_tcfC0x1001725d4low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaSYSCSY8rawValue03RawG0QzvgTW0x10017263clow
custom_$sSo38UIApplicationOpenExternalURLOptionsKeya8rawValueSSvg0x10017266clow
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyas35_HasCustomAnyHashableRepresentationSCsACP03_toghI0s0hI0VSgyFTW0x1001726b8low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaMa0x1001727b0low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaABSHSCWl0x100172850low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyas20_SwiftNewtypeWrapperSCSYWb0x100172cc8low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaABSYSCWl0x100172cdclow
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyas20_SwiftNewtypeWrapperSCs35_HasCustomAnyHashableRepresentationPWb0x100172d4clow
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaABs35_HasCustomAnyHashableRepresentationSCWl0x100172d60low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaSHSCSQWb0x100172dd0low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaABSQSCWl0x100172de4low
custom_$sSo38UIApplicationOpenExternalURLOptionsKeyaABs20_SwiftNewtypeWrapperSCWl0x100172e54low
custom___69-[CBLOpenIDConnectAuthorizer_continueAsyncLoginWithURL:continuation:]_block_invoke0x1001bf918low
custom___69-[CBLOpenIDConnectAuthorizer_continueAsyncLoginWithURL:continuation:]_block_invoke_20x1001bf9c4low
customopenForURLRequest:0x1001cc37clow
customURLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:0x1001f0298low
custom___92-[CBLRemoteSession_URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]_block_invoke0x1001f03b0low
customURLSession:task:didReceiveChallenge:completionHandler:0x1001f046clow
custom___74-[CBLRemoteSession_URLSession:task:didReceiveChallenge:completionHandler:]_block_invoke0x1001f055clow
customURLSession:dataTask:didReceiveResponse:completionHandler:0x1001f08f8low
custom___77-[CBLRemoteSession_URLSession:dataTask:didReceiveResponse:completionHandler:]_block_invoke0x1001f09eclow
unknownURLSession:dataTask:didReceiveData:0x1001f0b78low
unknown___55-[CBLRemoteSession_URLSession:dataTask:didReceiveData:]_block_invoke0x1001f0c28low
customURLSession:dataTask:willCacheResponse:completionHandler:0x1001f0ee0low
unknowninitWithWebSocket:transportQueue:URL:incoming:0x100241e18low
customhandlesURL:0x1002972fclow
customURLSession:didReceiveChallenge:completionHandler:0x1002d7d9clow
customURLSession:dataTask:didReceiveResponse:completionHandler:0x1002d7faclow
unknownURLSession:dataTask:didReceiveData:0x1002d8214low
customURLSession:dataTask:willCacheResponse:completionHandler:0x1002d8330low
customURLSession:task:didReceiveChallenge:completionHandler:0x1002d8598low
customURLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:0x1002d8a5clow
unknownURLSession:betterRouteDiscoveredForStreamTask:0x1002d9238low
unknownURLSession:dataTask:didReceiveData:0x1002fe37clow
customURLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:0x1002fe668low
customsubmitURLWithCompletionHandler:0x100304150low
custom___49-[FlurryGDPRUtil_submitURLWithCompletionHandler:]_block_invoke0x100304344low
customhandleDownloadedData:withURLSession:withDownloadTask:0x10032a7c4low
custom___79-[FConfigRemoteAPIClient_handleDownloadedData:withURLSession:withDownloadTask:]_block_invoke0x10032a890low

UI Entry Points

AddressTypeClassSymbol
0x10013545cviewDidLoad_$s7DVIA_v219LearnViewControllerC11viewDidLoadyyF
0x100135690viewDidLoadviewDidLoad
0x1001374acviewDidLoad_$s7DVIA_v238TransportLayerProtectionViewControllerC11viewDidLoadyyF
0x100137a90viewDidLoadviewDidLoad
0x10013d988viewDidLoad_$s7DVIA_v233RuntimeManipulationViewControllerC11viewDidLoadyyF
0x10013dd30viewDidLoadviewDidLoad
0x10013fea0viewDidLoad_$s7DVIA_v232JailbreakDetectionViewControllerC11viewDidLoadyyF
0x100140248viewDidLoadviewDidLoad
0x100145960viewDidLoad_$s7DVIA_v219RealmViewControllerC11viewDidLoadyyF
0x100145a68viewDidLoadviewDidLoad
0x100147554viewDidLoad_$s7DVIA_v219PListViewControllerC11viewDidLoadyyF
0x10014765cviewDidLoadviewDidLoad
0x100149998viewDidLoad_$s7DVIA_v233ApplicationPatchingViewControllerC11viewDidLoadyyF
0x100149dccviewDidLoadviewDidLoad
0x10014a79cviewDidLoad_$s7DVIA_v220WebkitViewControllerC11viewDidLoadyyF
0x10014a8a4viewDidLoadviewDidLoad
0x10014b50cviewDidLoad_$s7DVIA_v221CookiesViewControllerC11viewDidLoadyyF
0x10014b62cviewDidLoadviewDidLoad
0x10014e170viewDidLoad_$s7DVIA_v224PasteboardViewControllerC11viewDidLoadyyF
0x10014e278viewDidLoadviewDidLoad
0x10014f370viewDidLoad_$s7DVIA_v222CoreDataViewControllerC11viewDidLoadyyF
0x10014f478viewDidLoadviewDidLoad
0x1001518c8viewDidLoad_$s7DVIA_v227DonateDetailsViewControllerC11viewDidLoadyyF
0x100151d68viewDidLoadviewDidLoad
0x100155218viewDidLoad_$s7DVIA_v234SensitiveInformationViewControllerC11viewDidLoadyyF
0x1001555f4viewDidLoadviewDidLoad
0x100156590viewDidLoad_$s7DVIA_v240ApplicationPatchingDetailsViewControllerC11viewDidLoadyyF
0x10015684cviewDidLoadviewDidLoad
0x1001577bcviewDidLoad_$s7DVIA_v230BinaryProtectionViewControllerC11viewDidLoadyyF
0x100157b64viewDidLoadviewDidLoad
0x10015a4c0viewDidLoad_$s7DVIA_v218RootViewControllerC11viewDidLoadyyF
0x10015adacviewDidLoadviewDidLoad
0x10015fea0viewDidLoad_$s7DVIA_v228TouchIDDetailsViewControllerC11viewDidLoadyyF
0x10015ff20viewDidLoadviewDidLoad
0x100162cf8viewDidLoad_$s7DVIA_v240RuntimeManipulationDetailsViewControllerC11viewDidLoadyyF
0x10016338cviewDidLoadviewDidLoad
0x1001657d0viewDidLoad_$s7DVIA_v220DonateViewControllerC11viewDidLoadyyF
0x100165b20viewDidLoadviewDidLoad
0x10016a360viewDidLoad_$s7DVIA_v230KeystrokeLoggingViewControllerC11viewDidLoadyyF
0x10016a468viewDidLoadviewDidLoad
0x10016af78viewDidLoad_$s7DVIA_v239ClientSideInjectionDetailViewControllerC11viewDidLoadyyF
0x10016b108viewDidLoadviewDidLoad
0x10016cf34viewDidLoad_$s7DVIA_v224DeviceLogsViewControllerC11viewDidLoadyyF
0x10016d03cviewDidLoadviewDidLoad
0x10016f8d8viewDidLoad_$s7DVIA_v2041SecurityDecisionsViewUntrustedInputDetailE10ControllerC11viewDidLoadyyF
0x10016f9e0viewDidLoadviewDidLoad
0x10017333cviewDidLoad_$s7DVIA_v247SecurityDecisonsViaUntrustedInputViewControllerC11viewDidLoadyyF
0x10017368cviewDidLoadviewDidLoad
0x100173ec4viewDidLoad_$s7DVIA_v236SideChannelDataLeakageViewControllerC11viewDidLoadyyF
0x100174214viewDidLoadviewDidLoad
0x100174e14viewDidLoad_$s7DVIA_v222KeychainViewControllerC11viewDidLoadyyF
0x100174f1cviewDidLoadviewDidLoad
0x100176028viewDidLoad_$s7DVIA_v227CouchbaseLiteViewControllerC11viewDidLoadyyF
0x100176130viewDidLoadviewDidLoad
0x100177438viewDidLoad_$s7DVIA_v234ExcessivePermissionsViewControllerC11viewDidLoadyyF
0x1001777e0viewDidLoadviewDidLoad
0x100178668viewDidLoad_$s7DVIA_v222PhishingViewControllerC11viewDidLoadyyF
0x100178a10viewDidLoadviewDidLoad
0x10017a128viewDidLoad_$s7DVIA_v249SensitiveInformationInMemoryDetailsViewControllerC11viewDidLoadyyF
0x10017a230viewDidLoadviewDidLoad
0x10017af04viewDidLoad_$s7DVIA_v227TouchIDBypassViewControllerC11viewDidLoadyyF
0x10017b2acviewDidLoadviewDidLoad
0x10017c488viewDidLoad_$s7DVIA_v222SideMenuViewControllerC11viewDidLoadyyF
0x10017c7bcviewDidLoadviewDidLoad
0x10017ebe8viewDidLoad_$s7DVIA_v233AttackingThirdPartyViewControllerC11viewDidLoadyyF
0x10017ef90viewDidLoadviewDidLoad
0x10017f7c8viewDidLoad_$s7DVIA_v227AppScreenshotViewControllerC11viewDidLoadyyF
0x10017f8d0viewDidLoadviewDidLoad
0x1001800ecviewDidLoad_$s7DVIA_v226UserDefaultsViewControllerC11viewDidLoadyyF
0x1001801f4viewDidLoadviewDidLoad
0x100182358viewDidLoad_$s7DVIA_v242BrokenCryptographyPinDetailsViewControllerC11viewDidLoadyyF
0x1001823d8viewDidLoadviewDidLoad
0x100186328viewDidLoad_$s7DVIA_v218HomeViewControllerC11viewDidLoadyyF
0x1001868a4viewDidLoadviewDidLoad
0x10018a098viewDidLoad_$s7DVIA_v231FlurryLeakDetailsViewControllerC11viewDidLoadyyF
0x10018a118viewDidLoadviewDidLoad
0x10018ce9cviewDidLoad_$s7DVIA_v231CameraPermissionsViewControllerC11viewDidLoadyyF
0x10018cfe8viewDidLoadviewDidLoad
0x100191710viewDidLoad_$s7DVIA_v225YapDatabaseViewControllerC11viewDidLoadyyF
0x100191818viewDidLoadviewDidLoad
0x100193560viewDidLoad_$s7DVIA_v204AntiC30HookingDebuggingViewControllerC11viewDidLoadyyF
0x100193908viewDidLoadviewDidLoad
0x100195410viewDidLoad_$s7DVIA_v232BrokenCryptographyViewControllerC11viewDidLoadyyF
0x1001957b8viewDidLoadviewDidLoad
0x1001971a8viewDidLoad_$s7DVIA_v239BrokenCryptographyDetailsViewControllerC11viewDidLoadyyF
0x100197228viewDidLoadviewDidLoad
0x1001991e4viewDidLoad_$s7DVIA_v233ClientSideInjectionViewControllerC11viewDidLoadyyF
0x10019958cviewDidLoadviewDidLoad
0x10019a7d8viewDidLoad_$s7DVIA_v233InsecureDataStorageViewControllerC11viewDidLoadyyF
0x10019add8viewDidLoadviewDidLoad
0x1002f00f0viewDidLoad-[UIViewController(FlurryScreenTimeMonitor)_fl_swizzled_viewDidLoad]
0x10003d78cswiftui_observergetSectionChanges:rowChanges:forNotifications:withMappings:
0x10003e1c8swiftui_observer___88-[YapDatabaseViewConnection_getSectionChanges:rowChanges:forNotifications:withMappings:]_block_invoke
0x1000fe508swiftui_observerpreProcessChanges:withOriginalMappings:finalMappings:andGetSectionChanges:rowChanges:
0x100100f18swiftui_observerconsolidateSectionChanges:
0x100105230swiftui_observerpostProcessAndFilterSectionChanges:withOriginalMappings:finalMappings:
0x100105a44swiftui_observergetSectionChanges:rowChanges:withOriginalMappings:finalMappings:fromChanges:
0x1001d63ecswiftui_observeronChange
0x1001d63fcswiftui_observersetOnChange:
0x100291fe0swiftui_observerreplicationChanged:
0x10036fe84swiftui_observer_objc_msgSend$consolidateSectionChanges:
0x1003724c4swiftui_observer_objc_msgSend$getSectionChanges:rowChanges:withOriginalMappings:finalMappings:fromChanges:
0x100375424swiftui_observer_objc_msgSend$postProcessAndFilterSectionChanges:withOriginalMappings:finalMappings:
0x1003755a4swiftui_observer_objc_msgSend$preProcessChanges:withOriginalMappings:finalMappings:andGetSectionChanges:rowChanges:
0x100137accviewWillAppear_$s7DVIA_v238TransportLayerProtectionViewControllerC14viewWillAppearyySbF
0x100137ba0viewWillAppearviewWillAppear:
0x10013dd6cviewWillAppear_$s7DVIA_v233RuntimeManipulationViewControllerC14viewWillAppearyySbF
0x10013de40viewWillAppearviewWillAppear:
0x100140284viewWillAppear_$s7DVIA_v232JailbreakDetectionViewControllerC14viewWillAppearyySbF
0x100140358viewWillAppearviewWillAppear:
0x100149e08viewWillAppear_$s7DVIA_v233ApplicationPatchingViewControllerC14viewWillAppearyySbF
0x100149edcviewWillAppearviewWillAppear:
0x100155630viewWillAppear_$s7DVIA_v234SensitiveInformationViewControllerC14viewWillAppearyySbF
0x100155704viewWillAppearviewWillAppear:
0x100156888viewWillAppear_$s7DVIA_v240ApplicationPatchingDetailsViewControllerC14viewWillAppearyySbF
0x10015695cviewWillAppearviewWillAppear:
0x100157d34viewWillAppear_$s7DVIA_v230BinaryProtectionViewControllerC14viewWillAppearyySbF
0x100157e08viewWillAppearviewWillAppear:
0x100165bf4viewWillAppear_$s7DVIA_v220DonateViewControllerC14viewWillAppearyySbF
0x100165cc8viewWillAppearviewWillAppear:
0x1001736c8viewWillAppear_$s7DVIA_v247SecurityDecisonsViaUntrustedInputViewControllerC14viewWillAppearyySbF
0x10017379cviewWillAppearviewWillAppear:
0x100174250viewWillAppear_$s7DVIA_v236SideChannelDataLeakageViewControllerC14viewWillAppearyySbF
0x100174324viewWillAppearviewWillAppear:
0x1001778b4viewWillAppear_$s7DVIA_v234ExcessivePermissionsViewControllerC14viewWillAppearyySbF
0x100177988viewWillAppearviewWillAppear:
0x100178be0viewWillAppear_$s7DVIA_v222PhishingViewControllerC14viewWillAppearyySbF
0x100178cb4viewWillAppearviewWillAppear:
0x10017b47cviewWillAppear_$s7DVIA_v227TouchIDBypassViewControllerC14viewWillAppearyySbF
0x10017b550viewWillAppearviewWillAppear:
0x10017efccviewWillAppear_$s7DVIA_v233AttackingThirdPartyViewControllerC14viewWillAppearyySbF
0x10017f0a0viewWillAppearviewWillAppear:
0x1001868e0viewWillAppear_$s7DVIA_v218HomeViewControllerC14viewWillAppearyySbF
0x1001869b4viewWillAppearviewWillAppear:
0x100193944viewWillAppear_$s7DVIA_v204AntiC30HookingDebuggingViewControllerC14viewWillAppearyySbF
0x100193a18viewWillAppearviewWillAppear:
0x1001957f4viewWillAppear_$s7DVIA_v232BrokenCryptographyViewControllerC14viewWillAppearyySbF
0x1001958c8viewWillAppearviewWillAppear:
0x1001995c8viewWillAppear_$s7DVIA_v233ClientSideInjectionViewControllerC14viewWillAppearyySbF
0x10019969cviewWillAppearviewWillAppear:
0x10019ae14viewWillAppear_$s7DVIA_v233InsecureDataStorageViewControllerC14viewWillAppearyySbF
0x10019aee8viewWillAppearviewWillAppear:
0x1002f01e8viewDidAppear-[UIViewController(FlurryScreenTimeMonitor)_fl_swizzled_viewDidAppear:]
0x1003651a0viewDidAppearviewDidAppear: