Supported Applications

Currently, only 1st party, debuggable builds are compatible with jailed testing. 3rd party mobile apps downloaded from the App Store cannot be tested on jailed devices but can continue to be tested via existing jailbroken testing methods on Workstation. Outside of that, as long as the mobile apps are debuggable, they can be obtained from a number of sources, including:

  • XCode
  • TestFlight
  • Additional content delivery applications
  • Sideload directly onto the device

Only jailed-testing compatible mobile apps will be shown in the dialog box list when running a jailed assessment in NowSecure Workstation.

Comparable Coverage: Jailbroken vs. Jailed Testing

Check Type Jailbroken Jailed
Sensitive Data: HTTP Dynamic
Sensitive Data: Local Files Dynamic
Sensitive Data: System Logs Dynamic
Sensitive Data: Memory Dump Dynamic
Sensitive Data: Keychain Dynamic
HTTP Requests Dynamic
Certificate Validation Dynamic
Certificate Pinning Dynamic
SSL Downgrade Dynamic
ASLR Static
Stack Smashing Static
ARC Static
Heartbleed Static
OpenSSL CCS Static
Local Authentication Static
App Transport Security Static
Crypto Libraries Static

From a coverage and results perspective, NowSecure Workstation provides the same level of information with jailed testing as traditional jailbroken testing. In upcoming releases, NowSecure will be expanding jailed testing to include additional test capabilities never before seen in an enterprise-grade security testing product.