This Help Article will guide you, step by step, on how to scan your iOS mobile app with AppSweep.
Create a new iOS applications
Once you are logged in in AppSweep, proceed to create a new application in your team.
AppSweep will prompt you to select the applicable platform (iOS in your case) from a dropdown menu: this way your security scans for your iOS app will be neatly stored in your iOS applications.
2. Upload/drag and drop your iOS app
Here you have two options and which option works best for you depends on whether you want to scan an obfuscated or unobfuscated version of your iOS app.
Option 1: you straight forward upload your zipped XCArchive file. If your XCArchive is not zipped by default, you must proceed to package it in a zip file prior to uploading it to AppSweep.
Option 2: you decide to upload your IPA.
Here you must pay attention and upload an IPA that does contain debug symbols❗Debug symbols are needed to perform in depth analysis in AppSweep.
3. How to include debug symbols in your iOS application
Debug symbols are automatically included when archiving your app for distribution using XCode: there is an “Upload your app‘s “ checkbox that by default is ticked, see below.
4. If you happen to forget upload an iOS app with debug symbols
For an iOS app with no debug symbols (either in the format of IPA or XCArchive), AppSweep will process your build with limited findings. Builds without symbol files will show the warning below, indicating that this was not a thorough scan of the app.
5. Your iOS security vulnerabilities
After a successful scan, AppSweep will return the list of vulnerabilities found.
Similarly to what happens with Android apps, you can filter the result either by severity or you can take advantage of the OWASP MASVS.
