雖然在一般人的印象中Apple公司的產品不管是硬體或是軟體都被認為是安全性很高、病毒很少且鮮少成為駭客的攻擊對象，但是隨著市佔率的提升，越來越多針對iOS的攻擊產生。最早Apple公司對於行動應用(App)與軟體的部分有諸多的限制，衍生出不少越獄玩家將他們的行動裝置或是平板越獄，越獄俗稱改機，大部分的用戶不知道裝置越獄後安全性會降低，導致裝置越獄成為駭客下手的重點。

另一方面，智慧型手機或平板服務的範圍還蓋著我們的生活的每個部分，可以透過行動應用做大大小小的事，像是當作信用卡做花費、買賣股票、醫療保健等等，幾乎每樣都會干涉到個人敏感性的資料，尤其是金融類的應用，導致安全性跟隱私受到重視，特別是在行動應用的使用上。

本篇論文會以攻擊者或是檢側方的角度對現今iOS在行動應用上的安全性分析，其中包括基本的檢測手法，攻擊的必要條件等。最後本篇論文會提供一個安全開發的方式，將一些基本的功能製作成Framework供其他開發者使用及參考，並設計一個實驗來驗證這個方法的可行性。

Although Apple's products, both hardware and software, are considered to be highly secure, viral-free and rarely targeted by hackers, with the increase of market share, more and more hackers are attacking iOS. In the past, Apple company had many restrictions on mobile apps and software parts, resulting in many users jailbreak their mobile devices or pads. Most users do not know that the security of devices will be critical after jailbreak, resulting in device jailbreaking becoming the center of attention.

On the other hand, smart mobile services can be said to be ubiquitous. We use mobile apps to chat with friends, take photo, watch video or stream, buy something to eat and lots of other stuff. Almost every service involves personal sensitive information, especially financial applications, which leads to the importance of security and privacy, especially in the use of mobile apps.

This paper will analyze the security of iOS in mobile applications(apps) from attacker's point of view, including basic detection techniques, the high-risk device status and so on. Finally, we will provide a secure method to develop mobile apps, a framework for other developers to use and reference, and design an experiment to verify the feasibility of this method.

[1]Apple official announcement.https://support.apple.com/en-us/HT201954.[2]Bypass iphone jailbreak detection.https://cydia-app.com/jailbreak-detection/.[3]Github: Disable adapters.https://gist.github.com/mattlawer.[4]Github: Mobsf.https://github.com/MobSF/Mobile-Security-Framework-MobSF.[5]Hacker publishes poc for remote ios 12 jailbreak on iphone x.https://thehackernews.com/2019/01/ios12-jailbreak-exploit.html?fbclid=IwAR0zi40sUEtG6J30PGanONt0cuVS59JdBlV40xvVQhVsuVwSEE3qLk7LAw0.[6]Hopper home page.https://www.hopperapp.com/.[7]ios trustjacking - a vulnerability exploits iphone-sync service.https://www.symantec.com/blogs/feature-stories/ios-trustjacking-dangerous-new-ios-vulnerability.[8]Lifewire: What is ipa file?https://www.lifewire.com/ipa-file-2621838.[9]Mrmad: Cydia substrate.https://mrmad.com.tw/saurik-update-cydia-substrate-v097000-support-ios11.
[10]Sandbox in ios.https://developer.apple.com/apple-pay/sandbox-testing/.[11]A spy app exodus.https://chinese.engadget.com/2019/04/09/exodus-spyware-ios/.[12]Wikipedia: Malware for ios.https://www.theiphonewiki.com/wiki/Malware_for_iOS.[13]Xcodeghost.https://blog.trendmicro.com.tw/?p=14517.[14]Arpita Jadhav Bhatt and Chetna Gupta. Comparison of static and dynamicanalyzer tools for ios applications.Wireless Personal Communications, 96(3):4013–4046, 2017.[15]Christian J D’Orazio, Rongxing Lu, Kim-Kwang Raymond Choo, andAthanasios V Vasilakos. A markov adversary model to detect vulnerable iosdevices and vulnerabilities in ios apps.Applied Mathematics andComputation, 293:523–544, 2017.[16]E.K.A.M.O.P. Gera.CURRENT TRENDS OF IT AND CYBER SECURITY.Horizon Books ( A Division of Ignited Minds Edutech P Ltd), 2014.[17]Alfonso Solimeo, Luca Capacci, Stefano Taino, and Rebecca Montanari.Mad-ios: Dynamic app vulnerability analysis in non-jailbroken devices. InITASEC, 2018.[18]GuoMiao Zhou, Ming Duan, Qi Xi, and Hao Wu. Chandet: Detection modelfor potential channel of ios applications. InJournal of Physics: ConferenceSeries, page 042045. IOP Publishing, 2019.