
Artifacts

Introduction

An artifact is a specific file detected during our MATRIX scan. These files are typically found in the application's binary, and can be used to identify potential security vulnerabilities.

We surface these in the report with either the contents or the filepath to help you identify potential locations for hardcoded API keys, credentials or sensitive application values.

Types of Artifacts

iOS

| Type | Description |
| --- | --- |
| Application Code Signing | The application's code signing information. |
| Plist Files | The application's property list files, which contain configuration data. |
| Application Databases | A list of all databases the application has within local storage and the path to the files for the user. |
| Application Certificates | The application's certificates. These can be used for certificate pinning implementations, code signing, and cryptographic purposes and can be used to assist in various manual testing efforts. |
| Keychain Dump | The application's keychain dump. This can be used to identify sensitive information stored in the keychain. |
| Background Modes | The application's background modes. In iOS, background modes allow apps to continue performing tasks or providing services even when they are not in the foreground. This is essential for ensuring a seamless user experience, as some tasks need to run in the background to deliver timely updates or maintain functionality. Apple provides several background modes that developers can use based on the app’s requirements. From a security perspective, background modes in iOS can potentially be exploited by malicious apps. These concerns include user tracking, data exfiltration, eavesdropping, and resource abuse. |
| Geolocation | The geolocation of all the domains connected to by the application. |
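
A first-pass review of a plist artifact, as an added example that is not part of the original page or of the MATRIX product: it parses a plist, lists the declared background modes, and reports key paths whose names suggest hardcoded secrets. The sample plist, the mode-to-concern mapping, the key-name pattern and the function names are assumptions made for illustration.

```python
import plistlib
import re

# Constructed sample Info.plist for illustration (not taken from a real app).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>UIBackgroundModes</key>
  <array><string>location</string><string>audio</string><string>fetch</string></array>
  <key>Backend</key>
  <dict><key>BaseURL</key><string>https://api.example.com</string>
        <key>ApiKey</key><string>EXAMPLE-NOT-A-REAL-KEY</string></dict>
</dict></plist>"""

# Assumed triage mapping from UIBackgroundModes values to the concerns the page names.
MODE_CONCERN = {
    "location": "user tracking", "audio": "eavesdropping", "voip": "eavesdropping",
    "fetch": "data exfiltration", "remote-notification": "data exfiltration",
    "processing": "resource abuse",
}
# Assumed heuristic: key names that often hold credentials or API keys.
SECRET_NAME = re.compile(r"api[_-]?key|secret|token|passw(or)?d|credential", re.I)


def secret_like_paths(node, path=""):
    """Return key paths whose name suggests a hardcoded secret (values are not echoed)."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if SECRET_NAME.search(key) and isinstance(value, (str, bytes)) and value:
                hits.append(here)
            hits += secret_like_paths(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += secret_like_paths(item, f"{path}[{i}]")
    return hits


def triage_plist(raw: bytes) -> dict:
    """Parse an XML or binary plist and summarise what a reviewer should look at."""
    try:
        data = plistlib.loads(raw)
    except Exception as exc:  # malformed or truncated plist artifact
        return {"error": f"unparseable plist: {exc}"}
    modes = data.get("UIBackgroundModes", []) if isinstance(data, dict) else []
    return {
        "background_modes": {m: MODE_CONCERN.get(m, "review manually") for m in modes},
        "secret_like_keys": secret_like_paths(data),
    }
```

Calling `triage_plist(SAMPLE_PLIST)` returns the declared modes with their review concern and the path `/Backend/ApiKey`; a hit is a prompt for manual review, not proof of a leaked credential.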

Android

| Type | Description |
| --- | --- |
| Application Contains Hardcoded URLs | This artifact statically checks for hardcoded URLs within the application codebase and resources. |
| Application Utilizes Intents Vulnerable to Redirection | The application has intents marked as exported. A manual review is needed to assess for a potential vulnerability. |
| Geolocation | The geolocation of all the domains connected to by the application. |