# 9. iOS Static Analysis

> ❗ Always refer to a HackerOne Bug Bounty program to find valid targets
>
> 🔗 [HackerOne iOS programs](https://hackerone.com/opportunities/all/search?asset_types=APPLE_STORE_APP_ID%2CTESTFLIGHT%2COTHER_IPA&ordering=Newest+programs)
>
> * 🧪 `e.g.` - [1.1.1.1 - com.cloudflare.1dot1dot1dot1](https://hackerone.com/cloudflare) Cloudflare iOS is in scope

Unzip the `.ipa` file and check the various files inside it.

* Inside the `Payload` folder, check the `plist` files, the `Frameworks` folder for the app's source code, and other `json` files in different folders.
* Check for hardcoded strings in the files.
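
The manual checks above can be scripted. The following is an added example, not part of the original course notes: it opens an `.ipa` as a zip archive, summarizes the main `Info.plist`, and flags secret-like strings in text resources. The function names, the patterns and the in-memory sample archive are constructed for illustration.

```python
import io, plistlib, re, zipfile
# Constructed patterns for secret-like strings; extend for your own code base.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "private_key_block": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    # Skip the Apple DTD URL that every XML plist carries in its DOCTYPE.
    "cleartext_url": re.compile(rb"http://(?!www\.apple\.com/DTDs)[\w.\-/:%?=&]+"),
}
TEXT_SUFFIXES = (".plist", ".json", ".strings", ".xml", ".js", ".txt")

def triage_ipa(ipa):
    """Return (summary, findings) for an .ipa given as a path or file object."""
    summary, findings = {}, []
    with zipfile.ZipFile(ipa) as z:
        for name in z.namelist():
            parts = name.split("/")
            # Main bundle plist lives at Payload/<App>.app/Info.plist
            if len(parts) == 3 and parts[0] == "Payload" and parts[2] == "Info.plist":
                info = plistlib.loads(z.read(name))  # XML or binary plist
                ats = info.get("NSAppTransportSecurity", {})
                summary = {
                    "bundle_id": info.get("CFBundleIdentifier"),
                    "url_schemes": [s for t in info.get("CFBundleURLTypes", [])
                                    for s in t.get("CFBundleURLSchemes", [])],
                    "ats_allows_arbitrary_loads": bool(ats.get("NSAllowsArbitraryLoads")),
                }
            if name.lower().endswith(TEXT_SUFFIXES):
                data = z.read(name)
                for label, rx in PATTERNS.items():
                    for m in rx.finditer(data):
                        findings.append((name, label, m.group().decode("ascii", "replace")))
    return summary, findings

def build_sample_ipa():
    """Constructed in-memory .ipa (not a real app) so the example runs offline."""
    info = {"CFBundleIdentifier": "com.example.demo",
            "CFBundleURLTypes": [{"CFBundleURLSchemes": ["demoapp"]}],
            "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        # AKIAIOSFODNN7EXAMPLE is the placeholder key ID from AWS documentation.
        z.writestr("Payload/Demo.app/config.json",
                   '{"api": "http://api.example.test/v1", "key": "AKIAIOSFODNN7EXAMPLE"}')
    return buf

if __name__ == "__main__":
    summary, findings = triage_ipa(build_sample_ipa())
    print(summary, *findings, sep="\n")
```

Pass a path to a real `.ipa` instead of the sample buffer to triage an in-scope app or your own release build.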

![](/files/vhC0F2nqomZxQ9Wa3JKK)

![](/files/b5KlYjTd6PxJJhvEtpua)

![Info.plist](/files/pDc6Opo3lMMPSicg6wVj)

Run MobSF and import the `.ipa` file into it for local static analysis.

* Check the sections, look through the different files and strings, and review interesting information about the app.

![MobSF - 1.1.1.1.ipa](/files/Wyf9GIN0d1rDeAhhglKS)

![MobSF Application Security Scorecard - 1.1.1.1 6.23](/files/GpOw9Nh1txA7ratGm7hu)

![](/files/E59usPsHbaTFlu8aECFN)

![](/files/hablLoEGF97caDMDqch1)

![](/files/o1AnP0yUFy7OxwVHUEht)

