Life-cycle of iOS app and rules example

1. Specifications of iOS Network Services

iOS naturally prevents local or web-based attacks.

For example, when a hostile app is active and attempts to exploit vulnerabilities in a victim app that exposes network services, the victim app on the same device is suspended by iOS under the life-cycle specification of iOS apps (active, background, and suspended running states; https://developer.apple.com/library/archive/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/TheAppLifeCycle/TheAppLifeCycle.html), which thwarts the local adversary.

This principle also applies to web adversaries, since a web-based attack ultimately relies on a local browser to reach the victim app. For example, the left figure demonstrates that a browser can access Libby's web service, but the service is disabled immediately due to the life-cycle specification.

We acknowledge, however, several exceptions that remain open to local or web adversaries:

(i) An iOS app can request additional background time (within roughly 10 minutes) for any code execution, although the default background execution time is limited to 10 seconds.

(ii) The WebView component in an app can execute a web adversary's payload to attack the vulnerable network service within the same app. For example, the web adversary injects a malformed URL for the victim and entices the victim to click it.

(iii) An app (e.g., FaceTime) built on a daemon process (e.g., the Handoff feature) is not suspended by the iOS system.

Nevertheless, this is not a common case, since many preconditions must be met for such an attack to succeed.

2. Rule for Checking the Misuse of GCDWebServer

[
  {
    "name": "addGETHandlerForBasePath",
    "criterion": "DirectoryPath",
    "conditions": [
      {
        "type": "PRE",
        "criterion": "allowRange",
        "name": "Allow-Range",
        "conditions": [
          {
            "type": "OK",
            "conditionType": "ConstInt",
            "equal": 1
          }
        ]
      },
      {
        "type": "OK",
        "conditionType": "NOT",
        "conditions": [
          {
            "type": "OK",
            "calls": "HomeDirectory"
          }
        ]
      }
    ]
  },
  {
    "name": "start options",
    "criterion": "startOptions",
    "conditionType": "NOT",
    "conditions": [
      {
        "type": "OK",
        "conditionType": "ConstDict",
        "in": [
          {
            "key": "BindToLocalhost",
            "valueType": "ConstInt",
            "value": 1
          }
        ]
      }
    ]
  },
  {
    "name": "DirectoryPath",
    "calls": [
      {
        "name": "-[GCDWebServer addGETHandlerForBasePath:directoryPath:indexFilename:cacheAge:allowRangeRequests:]",
        "parameter": "X3"
      }
    ]
  },
  {
    "name": "HomeDirectory",
    "calls": [
      {
        "name": "NSHomeDirectory",
        "parameter": "X0"
      }
    ]
  },
  {
    "name": "startOptions",
    "calls": [
      {
        "name": "-[GCDWebServer startWithOptions:error:]",
        "parameter": "X2"
      }
    ]
  }
]
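
The call pattern this rule appears to target, next to a corrected form, as an added example that is not code from the original page or from the GCDWebServer project. It assumes the rule flags a handler whose directoryPath comes from NSHomeDirectory() and a startWithOptions: dictionary that lacks BindToLocalhost = 1; the function names, port number and "shared-export" directory are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import "GCDWebServer.h"

// Flagged pattern (assumed reading of the rule): directoryPath is the value
// returned by NSHomeDirectory(), range requests are enabled, and the options
// dictionary has no BindToLocalhost entry, so the server listens on all interfaces.
static GCDWebServer *StartFlaggedServer(NSError **error) {   // hypothetical name
    GCDWebServer *server = [[GCDWebServer alloc] init];
    [server addGETHandlerForBasePath:@"/"
                       directoryPath:NSHomeDirectory()        // entire app container
                       indexFilename:nil
                            cacheAge:3600
                  allowRangeRequests:YES];
    NSDictionary *options = @{ GCDWebServerOption_Port : @8080 };
    return [server startWithOptions:options error:error] ? server : nil;
}

// Corrected pattern: serve one dedicated directory and bind to loopback only.
static GCDWebServer *StartScopedServer(NSError **error) {    // hypothetical name
    NSString *shared = [NSTemporaryDirectory() stringByAppendingPathComponent:@"shared-export"];
    if (![[NSFileManager defaultManager] createDirectoryAtPath:shared
                                   withIntermediateDirectories:YES
                                                    attributes:nil
                                                         error:error]) {
        return nil;
    }
    GCDWebServer *server = [[GCDWebServer alloc] init];
    [server addGETHandlerForBasePath:@"/"
                       directoryPath:shared                   // only the files meant to be served
                       indexFilename:nil
                            cacheAge:3600
                  allowRangeRequests:YES];
    NSDictionary *options = @{
        GCDWebServerOption_Port : @8080,
        GCDWebServerOption_BindToLocalhost : @YES              // loopback interface only
    };
    return [server startWithOptions:options error:error] ? server : nil;
}
```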