MA: Dynamic Analysis of TLS Properties in iOS Apps

Abstract:

Transport Layer Security (TLS) plays an important role in today’s internet infrastructure. Mobile phones are part of everyday life and are commonly used for privacy-sensitive communication such as instant messaging or online banking. Ideally, these applications are secured by TLS. Using TLS-Server-Scanner and TLS-Client-Scanner, developed by Ruhr University Bochum and Paderborn University, a program called TlsInstantMessengerEval (Eval) was written which is able to dynamically analyze the TLS properties of Android apps such as instant messengers. This thesis uses Eval as the basis for developing a tool that allows TLS analysis of iOS apps. This new tool, called iOS-Tls-Analyzer (iTA), is designed to work with Corellium, a platform for emulating mobile devices; here, specifically an iPhone 7. To force apps to connect securely via HTTPS using strong TLS properties, Apple designed a mechanism called App Transport Security (ATS) several years back. App developers can, however, opt out of ATS by including ATS exceptions, which loosen the default requirements of ATS. Several apps are then scanned using iTA, and it is verified that Apple’s ATS feature works as designed for the subset of ATS exceptions tested in this work.