<p>AppScan - Better Apps with better data (Jekyll feed, https://appscan-hq.com/feed.xml, 2022-11-14T12:16:33+01:00)<br />
MORISSARD Jérôme, hello@appscan-hq.com</p>
<p><strong>More than 81% of the top Apps are Native Apps</strong><br />
2022-10-17T00:00:00+02:00, https://appscan-hq.com/technlogy-impact-your-rank</p>
<p>Since the beginning of this project I have been wondering.<br />
Is it so important for the end User to use an App that is not developed natively?<br />
For my part, I am too much in love with the Apple ecosystem & Swift.</p>
<p>So I was wondering if we could detect and measure an impact on the choice of technology used to develop the application.</p>
<p>In this study, I decided to focus on Apps rankings, using 10566 Apps scanned by AppScan.</p>
<h1 id="native-is-dominiting-the-apps-development">Native is dominating App development</h1>
<p><img src="https://appscan-hq.com/assets/images/illustrations/technology-native-rank.png" alt="alt" /></p>
<ul>
<li>Native development is far ahead</li>
<li>Globally, without a focus on the top ranked Apps, we detected 75% of native Apps, which is very close to the figure in <a href="/appscan-appstore-technologies.html">the 1st article</a> of this blog.</li>
<li>If we look from the Top 100 to the Top 10, the percentage increases at every step.</li>
<li>Finally, if we study only the 401 Top 10 Apps, 81.3% are fully native.</li>
</ul>
<h2 id="react-native-at-the-second-place">React Native in second place</h2>
<p><img src="https://appscan-hq.com/assets/images/illustrations/technology-reactnative-rank.png" alt="alt" /></p>
<ul>
<li>ReactNative is the number 2.</li>
<li>If we look from the Top 100 to the Top 10, React Native is pretty stable (is it a sign of maturity?).</li>
</ul>
<h2 id="flutter-the-challenger">Flutter, the challenger?</h2>
<p><img src="https://appscan-hq.com/assets/images/illustrations/technology-flutter-rank.png" alt="alt" /></p>
<ul>
<li>Flutter is the number 3.</li>
<li>From the Top 100 to the Top 10, Flutter decreases at every step.</li>
</ul>
<h2 id="impact-of-the-technology-on-rank-conclusion">Impact of the technology on rank, conclusion</h2>
<p>If your goal is to take a seat in the top ranked Apps, developing a native app seems mandatory. ReactNative and Flutter are good challengers.<br />
I forgot to mention Cordova & Xamarin in this study but their numbers are smaller than Flutter’s and the correlation is pretty similar (a lower and lower percentage at each step towards the Top 10).</p>
<h2 id="but--how-is-ranked-an-app">But… how is an App ranked?</h2>
<p>While writing this article I had some hesitations…<br />
How does Apple decide to rank an app?<br />
Is it just a fair result?</p>
<p><strong>AppStore schemes database</strong><br />
2022-09-26T00:00:00+02:00, https://appscan-hq.com/schemes-database</p>
<p>In September 2022, AppScan had scanned more than 5000 Apps among the top ranked.<br />
Finally, we decided to build a <strong>schemes</strong> database & to publish some of our discoveries.</p>
<h1 id="app-schemes">App Schemes</h1>
<p>App schemes give a way to open your App using a custom declared <strong>scheme</strong>.</p>
<h2 id="what-is-a-scheme">What is a Scheme</h2>
<p>A URL (Uniform Resource Locator) is a unique identifier used to locate a resource.<br />
URLs consist of multiple parts – including a protocol and domain name – that tell a web browser how and where to retrieve a resource.</p>
<p><a href="https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app">Apple’s documentation</a> is pretty simple:</p>
<ul>
<li>Yes, you can expose a custom scheme to allow other Apps to trigger your App</li>
<li>But it’s bad in terms of security</li>
</ul>
<p class="notice--danger"><strong>Warning</strong><br />
URL schemes offer a potential attack vector into your app, so make sure to validate all URL parameters and discard any malformed URLs.<br />
In addition, limit the available actions to those that don’t risk the user’s data.<br />
For example, don’t allow other apps to directly delete content or access sensitive information about the user.<br />
When testing your URL-handling code, make sure your test cases include improperly formatted URLs.</p>
<p>So, you can declare a custom <strong>scheme</strong> and your App will be opened if someone clicks on a link such as <a href="openMyAwesomeApp://">openMyAwesomeApp://</a></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openMyAwesomeApp://
</code></pre></div></div>
<p>But everybody is able to register this, so I can create my hijacking App and declare the same custom <strong>scheme</strong>, and my application can be opened instead of yours.</p>
<p>In September 2022, the AppScan database contains <strong>5665 Apps</strong>. We compiled the public <strong>schemes</strong> declared by these Apps to illustrate the problems and how schemes are used.</p>
<h2 id="some-metrics-about-our-ios-schemes-database">Some metrics about our iOS Schemes database</h2>
<ul>
<li>30 schemes are used more than 5 times,</li>
<li>347 schemes are used more than once,</li>
<li>13932 unique schemes.</li>
</ul>
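<p>The counting behind these metrics can be reproduced from the <code>CFBundleURLTypes</code> / <code>CFBundleURLSchemes</code> entries of each App's Info.plist. The script below is an added example, not AppScan's own code; the bundle IDs and plists are constructed samples, and lower-casing schemes before comparing them is an assumption of this example (schemes are case-insensitive per RFC 3986).</p>

```python
import plistlib
from collections import defaultdict

# Schemes the article singles out as "very close to the system".
SYSTEM_LIKE = {"http", "https", "prefs", "tel", "sms", "mailto"}


def declared_schemes(info_plist: bytes) -> set:
    """Return the URL schemes one Info.plist declares, lower-cased."""
    try:
        plist = plistlib.loads(info_plist)
    except Exception:  # unreadable plist: report nothing rather than crash
        return set()
    if not isinstance(plist, dict):
        return set()
    url_types = plist.get("CFBundleURLTypes")
    if not isinstance(url_types, list):
        return set()
    found = set()
    for url_type in url_types:
        if not isinstance(url_type, dict):
            continue
        schemes = url_type.get("CFBundleURLSchemes")
        if not isinstance(schemes, list):
            continue
        found.update(s.lower() for s in schemes if isinstance(s, str) and s)
    return found


def scheme_index(apps: dict) -> dict:
    """Map each scheme to the set of bundle IDs that declare it."""
    index = defaultdict(set)
    for bundle_id, info_plist in apps.items():
        for scheme in declared_schemes(info_plist):
            index[scheme].add(bundle_id)
    return dict(index)


def metrics(index: dict) -> dict:
    """The same three counts as the article's list, computed on an index."""
    return {
        "unique": len(index),
        "more_than_once": sum(1 for a in index.values() if len(a) > 1),
        "more_than_5": sum(1 for a in index.values() if len(a) > 5),
    }


def shared_schemes(index: dict) -> dict:
    """Schemes declared by several apps: opening one is ambiguous."""
    return {s: sorted(a) for s, a in sorted(index.items()) if len(a) > 1}


def system_like(index: dict) -> dict:
    """Apps that declare a scheme normally handled by the system."""
    return {s: sorted(a) for s, a in sorted(index.items()) if s in SYSTEM_LIKE}


def make_plist(*url_types) -> bytes:
    """Build a constructed Info.plist with one URL type per argument."""
    types = [{"CFBundleURLSchemes": list(s)} for s in url_types]
    return plistlib.dumps({"CFBundleURLTypes": types})


# Constructed sample data (hypothetical apps, not taken from the database).
SAMPLE_APPS = {
    "com.example.alpha": make_plist(["alpha", "fb123"], ["https"]),
    "com.example.beta": make_plist(["Alpha", "otpauth"]),
    "com.example.gamma": make_plist(["otpauth", "tel"]),
    "com.example.noschemes": plistlib.dumps({"CFBundleName": "NoSchemes"}),
    "com.example.malformed": plistlib.dumps({"CFBundleURLTypes": "oops"}),
    "com.example.corrupt": b"not a plist",
}

if __name__ == "__main__":
    idx = scheme_index(SAMPLE_APPS)
    print(metrics(idx))
    print("shared:", shared_schemes(idx))
    print("system-like:", system_like(idx))
```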
<h2 id="ios-top-hijacked-schemes">iOS top hijacked Schemes</h2>
<table>
<tbody>
<tr>
<td>Schemes</td>
<td>number of apps</td>
</tr>
<tr>
<td>prefs</td>
<td>153</td>
</tr>
<tr>
<td>https</td>
<td>28</td>
</tr>
<tr>
<td>capacitor</td>
<td>23</td>
</tr>
<tr>
<td>http</td>
<td>22</td>
</tr>
<tr>
<td>kindle</td>
<td>17</td>
</tr>
<tr>
<td>tel</td>
<td>17</td>
</tr>
<tr>
<td>mailto</td>
<td>17</td>
</tr>
<tr>
<td>sms</td>
<td>16</td>
</tr>
<tr>
<td>bma4sreceiver</td>
<td>14</td>
</tr>
<tr>
<td>appcenter-</td>
<td>12</td>
</tr>
<tr>
<td>expapp000</td>
<td>12</td>
</tr>
<tr>
<td>App-Prefs</td>
<td>10</td>
</tr>
<tr>
<td>app</td>
<td>8</td>
</tr>
<tr>
<td>otpauth</td>
<td>8</td>
</tr>
<tr>
<td>amazonmobile</td>
<td>8</td>
</tr>
<tr>
<td>org-appextension-feature-password-management</td>
<td>8</td>
</tr>
<tr>
<td>twitterkit-bqNRNye1eU89E7gVP5aam6O6t</td>
<td>7</td>
</tr>
<tr>
<td>com.googleusercontent.apps.</td>
<td>7</td>
</tr>
<tr>
<td>oauth-swift</td>
<td>6</td>
</tr>
<tr>
<td>twitterkit-8WIpExNRasgkylPREYlfqweEg</td>
<td>6</td>
</tr>
<tr>
<td>com.apple.maps.action</td>
<td>6</td>
</tr>
<tr>
<td>twitterkit-szwcBj2lCk6nxhm8T6rXj4nc6</td>
<td>6</td>
</tr>
<tr>
<td>ssh</td>
<td>6</td>
</tr>
<tr>
<td>bitcoin</td>
<td>5</td>
</tr>
</tbody>
</table>
<h2 id="so-what">So what?</h2>
<ul>
<li>
<p>😋 It’s funny: on average, applications declare more than 2 custom URL schemes. It’s not so incredible; if we look deeper, it is often explained by the external login process of Facebook, Twitter, etc., because you have to expose an entry point to be called back by the third-party OAuth provider.</p>
</li>
<li>
<p>😤 What is very concerning is the fact that 347 schemes are used by multiple Apps, so be aware that trying to open an App using a URL scheme doesn’t guarantee that you will open that App. It’s a random process.</p>
</li>
<li>
<p>😵‍💫 Some Apple <strong>schemes</strong> are supposed to be private … I don’t know why Apple doesn’t reject those Apps</p>
</li>
<li>😡 More concerning, some <strong>schemes</strong> are really not recommended
<ul>
<li>the 30 overused ones</li>
<li>the 347 hijacked ones (if you are not sure that your App is the one opened…)</li>
</ul>
</li>
<li>
<p>🤬 Some <strong>schemes</strong> are very close to the system: <code class="language-plaintext highlighter-rouge">https://</code>, <code class="language-plaintext highlighter-rouge">http://</code>, <code class="language-plaintext highlighter-rouge">prefs://</code>, <code class="language-plaintext highlighter-rouge">tel://</code>, <code class="language-plaintext highlighter-rouge">sms://</code> and I’m not sure there is a desire from Apple to open them on the system (not like mailto://)</p>
</li>
<li>🍏 Even more so for the public “Security” scheme <code class="language-plaintext highlighter-rouge">org-appextension-feature-password-management://</code> … Is it normal for Apple to allow this kind of thing?</li>
</ul>
<p><strong>Crypto Apps - Benchmark - Part 4 - Security</strong><br />
2022-08-30T00:00:00+02:00, https://appscan-hq.com/crypto-bitcoin-wallet-apps-part-4-security</p>
<p>Crypto-related Apps are very recent.<br />
We wanted to study those Apps to write a smart article about technical stacks & good practices.</p>
<p>This article is the last of this series:</p>
<ul>
<li><a href="/appscan-crypto-apps-part-1-introduction.html">Part 1 - Introduction</a></li>
<li><a href="/appscan-crypto-apps-part-2-resources.html">Part 2 - Resources</a></li>
<li><a href="/appscan-crypto-apps-part-3-interactions.html">Part 3 - Interactions</a></li>
<li>👉 <a href="/appscan-crypto-apps-part-4-security.html">Part 4 - Security</a></li>
</ul>
<h1 id="app-security">App Security</h1>
<p>The security score is currently evaluated by checking 3 things:</p>
<ul>
<li>detect “risky” files inside the app bundle (something human readable that might contain important information)</li>
<li>detect bad security configuration</li>
<li>detect API keys/tokens that are easy to hijack</li>
</ul>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: center">Security Score</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: center">4.40</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: center">4.40</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: center">4.10</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: center">3.80</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: center">3.40</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (anciennement Blockfolio)</td>
<td style="text-align: center">3.40</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: center">2.80</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: center">2.10</td>
</tr>
</tbody>
</table>
<p><strong>A risk for you?</strong></p>
<ul class="notice--warning">
<li>The risk can be on the End User side, for example, if the security layer is removed from the HTTP exchange.</li>
<li>The risk can be on the Company side, for example, if some secrets are easy to discover just using the app binary like I did.</li>
</ul>
<h2 id="risks-due-to-the-app-configuration">Risks due to the App configuration</h2>
<p>Each App can adjust a very important security layer between the App and the internet.<br />
In this section, we scan each App’s <a href="https://developer.apple.com/documentation/bundleresources/information_property_list/nsapptransportsecurity">NSAppTransportSecurity</a> configuration.</p>
<p>Only 2 Apps don’t modify this security layer:</p>
<ul>
<li>MetaMask - Blockchain Wallet</li>
<li>Crypto.com - Buy Bitcoin, ETH</li>
</ul>
<p>The other Apps reduce the App security using some of these parameters:</p>
<ul>
<li><strong>NSAllowsArbitraryLoads</strong> : A Boolean value indicating whether App Transport Security restrictions are disabled for all network connections.</li>
<li><strong>NSAllowsLocalNetworking</strong> : A Boolean value indicating whether to allow loading of local resources.</li>
<li><strong>NSAllowsArbitraryLoadsInWebContent</strong> : A Boolean value indicating whether all App Transport Security restrictions are disabled for requests made from web views.</li>
<li><strong>NSExceptionAllowsInsecureHTTPLoads</strong> : A Boolean value indicating whether to allow insecure HTTP loads.</li>
</ul>
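<p>A check for these four keys can be run directly against an App's Info.plist. The audit below is an added example, not AppScan's scanner; the sample plists and domain names are constructed, and it relies on <code>NSExceptionAllowsInsecureHTTPLoads</code> being a per-domain setting under <code>NSExceptionDomains</code>.</p>

```python
import plistlib

# Top-level ATS keys named in the article that relax the default policy.
GLOBAL_KEYS = (
    "NSAllowsArbitraryLoads",
    "NSAllowsLocalNetworking",
    "NSAllowsArbitraryLoadsInWebContent",
)
# Per-domain key named in the article; it sits under NSExceptionDomains.
DOMAIN_KEY = "NSExceptionAllowsInsecureHTTPLoads"


def audit_ats(info_plist: bytes) -> dict:
    """Report whether ATS is modified and which relaxations are enabled.

    Each finding is (key, scope): scope is "*" for app-wide keys and the
    domain name for per-domain exceptions.
    """
    plist = plistlib.loads(info_plist)
    ats = plist.get("NSAppTransportSecurity") if isinstance(plist, dict) else None
    if not isinstance(ats, dict) or not ats:
        # Key absent or empty: the app keeps the default ATS behaviour.
        return {"modified": False, "findings": []}

    findings = []
    for key in GLOBAL_KEYS:
        # A key explicitly set to false is declared but relaxes nothing.
        if ats.get(key) is True:
            findings.append((key, "*"))

    domains = ats.get("NSExceptionDomains")
    if isinstance(domains, dict):
        for domain, rules in sorted(domains.items()):
            if isinstance(rules, dict) and rules.get(DOMAIN_KEY) is True:
                scope = domain
                if rules.get("NSIncludesSubdomains") is True:
                    scope += " (+subdomains)"
                findings.append((DOMAIN_KEY, scope))
    return {"modified": True, "findings": findings}


# Constructed sample plists (hypothetical apps and domains).
UNTOUCHED = plistlib.dumps({"CFBundleName": "Untouched"})
ARBITRARY = plistlib.dumps({
    "NSAppTransportSecurity": {
        "NSAllowsArbitraryLoads": True,
        "NSAllowsLocalNetworking": False,
    }
})
PER_DOMAIN = plistlib.dumps({
    "NSAppTransportSecurity": {
        "NSAllowsArbitraryLoadsInWebContent": True,
        "NSExceptionDomains": {
            "legacy.example.com": {
                DOMAIN_KEY: True,
                "NSIncludesSubdomains": True,
            },
            "api.example.com": {DOMAIN_KEY: False},
        },
    }
})

if __name__ == "__main__":
    for name, data in (("untouched", UNTOUCHED),
                       ("arbitrary", ARBITRARY),
                       ("per-domain", PER_DOMAIN)):
        print(name, audit_ats(data))
```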
<h2 id="risky-keysvalues">Risky keys/values</h2>
<p>Some places inside the App are protected and not easy to read (for example the executable element of the App).<br />
In a lot of Apps, we can detect some important keys/values not stored in the right place.</p>
<p>Only 3 Apps are not storing critical values in a low-security environment:</p>
<ul>
<li>MetaMask - Blockchain Wallet</li>
<li>CoinMarketCap</li>
<li>FTX (anciennement Blockfolio)</li>
</ul>
<h2 id="risky-files">Risky files</h2>
<p>An App package is not so complicated to get and to inspect.<br />
The packaging is not a good protection because an App package is just a zip file 🤯.<br />
AppScan analyses the entire content of the package:</p>
<ul>
<li>Main bundle,</li>
<li>Each bundle,</li>
<li>Each library and framework,</li>
<li>All files in the App.</li>
</ul>
<p>The idea is to detect files that can contain information in a more or less readable format.<br />
Files with all of the following extensions have been detected in the Apps.</p>
<ul>
<li><strong>.cer, .der</strong>, those files are certificates, probably to check if the server is really the real server</li>
<li><strong>.xml, .yml</strong>, data files, fully readable, we can get a lot of information by exploring them</li>
<li><strong>.json</strong>, fully readable, we can get a lot of information by exploring them</li>
<li><strong>.xcconfig</strong>, really not a normal place in an App … it’s a configuration file for Xcode</li>
<li><strong>.md, .txt</strong>, text files … sometimes readMe, release notes, etc</li>
<li><strong>.js</strong>, yes, some JS files can be very interesting and contain a lot of data.</li>
</ul>
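<p>Because the package is a zip archive, an inventory of these file types needs nothing more than a zip reader. The script below is an added example, not AppScan's implementation; the archive is built in memory from constructed file names, and the category labels and the <code>location</code> helper are hypothetical names chosen for this example.</p>

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions listed in the article, grouped by what they usually hold.
CATEGORIES = {
    ".cer": "certificate", ".der": "certificate",
    ".xml": "data", ".yml": "data", ".json": "data",
    ".xcconfig": "xcode-config",
    ".md": "text", ".txt": "text",
    ".js": "script",
}
# Nested containers the article says are scanned besides the main bundle.
CONTAINERS = {".framework": "framework", ".bundle": "bundle",
              ".appex": "extension"}


def location(path: str) -> str:
    """Name the innermost container (framework, bundle, ...) of a file."""
    where = "main bundle"
    for part in PurePosixPath(path).parts[:-1]:
        kind = CONTAINERS.get(PurePosixPath(part).suffix.lower())
        if kind:
            where = kind
    return where


def inventory(ipa: bytes) -> dict:
    """Group readable files of an app package as category -> [(path, location)]."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(ipa)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Compare extensions case-insensitively: "app.JS" is still a script.
            suffix = PurePosixPath(info.filename).suffix.lower()
            category = CATEGORIES.get(suffix)
            if category:
                entry = (info.filename, location(info.filename))
                result.setdefault(category, []).append(entry)
    return {c: sorted(v) for c, v in sorted(result.items())}


def build_sample_ipa() -> bytes:
    """Constructed package with hypothetical file names and dummy content."""
    names = [
        "Payload/Demo.app/Info.plist",
        "Payload/Demo.app/Demo",                      # executable, no extension
        "Payload/Demo.app/config.json",
        "Payload/Demo.app/pinned.cer",
        "Payload/Demo.app/Build.xcconfig",
        "Payload/Demo.app/main.jsbundle",             # not a .js extension
        "Payload/Demo.app/Frameworks/Lib.framework/README.md",
        "Payload/Demo.app/Res.bundle/www/app.JS",
    ]
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed sample content")
    return buffer.getvalue()


if __name__ == "__main__":
    for category, files in inventory(build_sample_ipa()).items():
        for path, where in files:
            print(f"{category:13} {where:12} {path}")
```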
<h2 id="conclusion">Conclusion</h2>
<ul class="notice--warning">
<li>MetaMask is ahead of the others: we only detect some .cer & .der files, which can be useful for security validation</li>
<li>Lots of Apps are exposing apiKeys & critical tokens inside readable sources (Info.plist for example)</li>
<li>Too many Apps are modifying NSAppTransportSecurity … these parameters reduce the App security</li>
<li>I would consider Apps to be more secure because alternatives create more data in “readable” formats (.json, .txt, .js, .yml). Those files can contain important data.</li>
</ul>
<p><strong>Crypto Apps - Benchmark - Part 3 - Interactions</strong><br />
2022-08-29T00:00:00+02:00, https://appscan-hq.com/crypto-bitcoin-wallet-apps-part-3-interactions</p>
<p>Crypto-related Apps are very recent.<br />
We wanted to study those Apps to write a smart article about technical stacks & good practices.</p>
<p>What are the good things?</p>
<p>What are the bad things in those Apps?</p>
<p>What are the important points if you want to start to build a new App?</p>
<p>To study those questions we have decided to take the trendiest applications and to compare them on technical aspects.</p>
<p>This article is the third of the series:</p>
<ul>
<li><a href="/appscan-crypto-apps-part-1-introduction.html">Part 1 - Introduction</a></li>
<li><a href="/appscan-crypto-apps-part-2-resources.html">Part 2 - Resources</a></li>
<li>👉 <a href="/appscan-crypto-apps-part-3-interactions.html"> Part 3 - Interactions</a></li>
<li><a href="/appscan-crypto-apps-part-4-security.html">Part 4 - Security</a></li>
</ul>
<p><strong>TLDR;</strong></p>
<ul>
<li>There are native Apps and Apps developed using cross-platform solutions.</li>
<li>All Apps can provide a very rich User Experience and extend the system using App Extensions or interact with other Apps to improve the journey of a User.</li>
<li>The applications are characterized by the number of interactions with the system and the possible interactions with other Apps.</li>
<li>The packaging is really different depending on the technology of the application and this leads to resources not optimized and some security weaknesses.</li>
</ul>
<h1 id="app-interactions">App interactions</h1>
<h2 id="interactions-with-other-apps">Interactions with other Apps</h2>
<p>An App can interact with other Apps, but to do that the App must declare a list of Apps to interact with.<br />
This list lets the App ask to open the other Apps for specific actions.</p>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: center">Number of apps</th>
<th style="text-align: center">Social Apps</th>
<th style="text-align: center">Mails Apps</th>
<th style="text-align: center">Wallet Apps</th>
<th style="text-align: center">Jailbreak Apps</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: center">6 apps</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: center">17 apps</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: center">1 app</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: center">5 apps</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: center">10 apps</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (anciennement Blockfolio)</td>
<td style="text-align: center">10 apps</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: center">5 apps</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: center">5 apps</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
</tbody>
</table>
<ul class="notice--warning">
<li>Yes, Mail Apps make sense to give the user a way to share things, and maybe optimize actions.</li>
<li>Social Apps (WhatsApp, Instagram, Facebook, Twitter) give the user a way to share content or to log in.</li>
<li>Wallet Apps can be interesting to interact with (or to know that a User has an alternative).</li>
<li>Checking for Cydia is a good way to detect jailbroken devices and maybe limit the usage of the App.</li>
</ul>
<h2 id="interactions-with-the-system">Interactions with the system</h2>
<p>Interactions with the system make your App meaningful for Users and provide lots of ways to interact with it.</p>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: center">iCloud service</th>
<th style="text-align: center">Universal links</th>
<th style="text-align: center">Apple Pay</th>
<th style="text-align: center">Wallet</th>
<th style="text-align: center">Keychain group</th>
<th style="text-align: center">Apple Sign In</th>
<th style="text-align: center">NFC reader</th>
<th style="text-align: center">web credentials</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (anciennement Blockfolio)</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
</tbody>
</table>
<ul class="notice--warning">
<li><strong>Universal links</strong>, most of those Apps declare universal links (redirecting the User into the App when navigating to a URL of the website)</li>
<li><strong>Apple Pay</strong>, the App can make payments or transfers using Apple Pay (it’s always better than having to give a Credit Card)</li>
<li><strong>Wallet</strong>, only Coinbase has developed a Coinbase Card integrated into Wallet</li>
<li><strong>Keychain group</strong>, a powerful technology to store data safely and share it with your other Apps & extensions.</li>
<li><strong>Apple Sign In</strong>, the Apple authentication process, only implemented by 50% of those Apps.</li>
<li><strong>NFC Reader</strong>, interesting features linked to NFC scanning and probably some partner integrations in the Apps.</li>
<li><strong>Web Credentials</strong>, surprisingly not the most implemented feature, but very important to be able to share the User credentials with the web browser.</li>
</ul>
<h2 id="integrations-inside-the-system">Integrations inside the system</h2>
<p>The App extensions are external components to increase the App visibility on the system.</p>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: center">Widget (old)</th>
<th style="text-align: center">Widget(s)</th>
<th style="text-align: center">Siri</th>
<th style="text-align: center">ReplayKit</th>
<th style="text-align: center">Notification service</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (anciennement Blockfolio)</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">✅</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" />Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">✅</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
<td style="text-align: center">❌</td>
</tr>
</tbody>
</table>
<ul class="notice--warning">
<li><strong>OLD Widget</strong>, Binance is the only one to provide this old version of the Widget for the lower iOS versions 👏.</li>
<li><strong>new Widget</strong>, new SwiftUI widget. Cool to present some synthetic information without starting the App.</li>
<li><strong>Siri</strong>, “hello Siri i want to do something”. You can talk to your device and present actions.</li>
<li><strong>Notification Service</strong>, a service to improve the presentation of the content of the notifications for the user.</li>
<li><strong>ReplayKit</strong>, interesting service (used only by Binance), probably to record/save some actions on device and your face for security reasons.</li>
</ul>
<p><strong>Crypto Apps - Benchmark - Part 2 - Resources</strong><br />
2022-08-28T00:00:00+02:00, https://appscan-hq.com/crypto-bitcoin-wallet-apps-part-2-resources</p>
<p>Crypto-related Apps are very recent.<br />
We wanted to study those Apps to write a smart article about technical stacks & good practices.</p>
<p>What are the good things?</p>
<p>What are the bad things in those Apps?</p>
<p>What are the important points if you want to start to build a new App?</p>
<p>To study those questions we have decided to take the trendiest applications and to compare them on technical aspects.</p>
<p>This article is the second of the series:</p>
<ul>
<li><a href="/appscan-crypto-apps-part-1-introduction.html">Part 1 - Introduction</a></li>
<li>👉 <a href="/appscan-crypto-apps-part-2-resources.html">Part 2 - Resources</a></li>
<li><a href="/appscan-crypto-apps-part-3-interactions.html">Part 3 - Interactions</a></li>
<li><a href="/appscan-crypto-apps-part-4-security.html">Part 4 - Security</a></li>
</ul>
<p><strong>TLDR;</strong></p>
<ul>
<li>There are native Apps and Apps developed using cross-platform solutions.</li>
<li>All Apps can provide a very rich User Experience and extend the system using App Extensions or interact with other Apps to improve the journey of a User.</li>
<li>The applications are characterized by the number of interactions with the system and the possible interactions with other Apps.</li>
<li>The packaging is really different depending on the technology of the application and this leads to resources not optimized and some security weaknesses.</li>
</ul>
<h1 id="app-resources">App Resources</h1>
<p>In this section, we check two important metrics about the packaging of the App.</p>
<ul>
<li>How are the images managed? Are they packaged in Assets, to be optimized by Apple at App installation, or not?</li>
<li>How is the language support configured? Are permissions well localized? Are there missing values?</li>
</ul>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: center">AppScore</th>
<th style="text-align: left">Details</th>
<th> </th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: center">5.0</td>
<td style="text-align: left"><ul><li>✅ 21 languages</li><li>❌ Some missing translations detected </li> <li>✅ Images packaged in assets </li> </ul></td>
<td> </td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: center">4.40</td>
<td style="text-align: left"><ul><li>✅ 40 languages</li><li>✅ Plurals management </li><li>✅ Images packaged in assets </li> </ul></td>
<td> </td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: center">4.40</td>
<td style="text-align: left"><ul><li>✅ 18 languages</li><li>❌ images not optimized in assets </li><li>❌ @1x/2x/@3x</li><li>❌ image scales missing</li></ul></td>
<td> </td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (formerly Blockfolio)</td>
<td style="text-align: center">4.40</td>
<td style="text-align: left"><ul><li>✅ 18 languages</li><li>❌ images not optimized in assets </li><li>❌ @1x/2x/@3x</li><li>❌ image scales missing</li></ul></td>
<td> </td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: center">3.80</td>
<td style="text-align: left"><ul><li>❌ 1 language</li><li>❌ images not optimized in assets </li><li>❌ @1x/2x/@3x</li></ul></td>
<td> </td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: center">3.80</td>
<td style="text-align: left"><ul><li>❌ no official language declared (but custom in App) </li><li>❌ images not optimized in assets </li><li>❌ @1x/2x/@3x</li></ul></td>
<td> </td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: center">3.20</td>
<td style="text-align: left"><ul><li>✅ 9 languages</li><li>❌ Localized strings Custom Flutter (JSON file) </li><li>✅ Images packaged in assets </li> </ul></td>
<td> </td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: center">3.20</td>
<td style="text-align: left"><ul><li>✅ 20 languages</li><li>❌ Some missing translations detected </li> <li>✅ Images packaged in assets </li> </ul></td>
<td> </td>
</tr>
</tbody>
</table>
MORISSARD Jérôme hello@appscan-hq.com
Crypto Apps - Benchmark - Part 1 - Introduction
2022-08-27T00:00:00+02:00
https://appscan-hq.com/crypto-bitcoin-wallet-apps-part-1-introduction
<p>Apps relative to crypto are very recent and now common on the AppStore.<br />
We wanted to study those Apps to make a smart article about technical stacks & good practices.</p>
<p>What are the good things?</p>
<p>What are the bad things in those about?</p>
<p>What are the important points if you want to start to build a new App?</p>
<p>To study those questions, we decided to take the trendiest applications and compare them on technical aspects:</p>
<table>
<thead>
<tr>
<th style="text-align: left">App name</th>
<th style="text-align: left">BundleID</th>
<th style="text-align: center">version</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: left">ee.mtakso.client</td>
<td style="text-align: center">65.1</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (Blockfolio)</td>
<td style="text-align: left">com.blockfolio.blockfolio</td>
<td style="text-align: center">4.10.5</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: left">com.coinmarketcap.CoinMarketCap</td>
<td style="text-align: center">4.2.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: left">com.vilcsak.bitcoin2</td>
<td style="text-align: center">10.29.4</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: left">co.mona.Monaco</td>
<td style="text-align: center">3.143</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: left">com.czzhao.binance</td>
<td style="text-align: center">2.50.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: left">kzencorp.mobile.ios</td>
<td style="text-align: center">4.1.2</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: left">com.etoro.wallet</td>
<td style="text-align: center">48.0.0</td>
</tr>
</tbody>
</table>
<p>This article is the first of the series:</p>
<ul>
<li>👉 <a href="/appscan-crypto-apps-part-1-introduction.html">Part 1 - Introduction</a></li>
<li><a href="/appscan-crypto-apps-part-2-resources.html">Part 2 - Resources</a></li>
<li><a href="/appscan-crypto-apps-part-3-interactions.html">Part 3 - Interactions</a></li>
<li><a href="/appscan-crypto-apps-part-4-security.html">Part 4 - Security</a></li>
</ul>
<p><strong>TLDR;</strong></p>
<ul>
<li>There are native Apps and Apps developed using cross-platform solutions.</li>
<li>All Apps can provide a very rich User Experience and extend the system using App Extensions or interact with other Apps to improve the journey of a User.</li>
<li>The applications are characterized by the number of interactions with the system and the possible interactions with other Apps.</li>
<li>The packaging is really different depending on the technology of the application, and this leads to unoptimized resources and some security weaknesses.</li>
</ul>
<h1 id="appscores">AppScores</h1>
<p>AppScore gives an objective & synthetic view of any App, just by focusing on quality criteria.<br />
<a href="/appscan-appscore.html">If you want to get more details about AppScore computation</a></p>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: left">AppScore</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: left">4.74</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: left">4.67</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (Blockfolio)</td>
<td style="text-align: left">4.67</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: left">4.59</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: left">4.30</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: left">4.14</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: left">4.13</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: left">4.01</td>
</tr>
</tbody>
</table>
<ul class="notice--warning">
<li>MetaMask is clearly over the other apps</li>
</ul>
<h2 id="technologies">Technologies</h2>
<p>The technology is evaluated using multiple hints inside the App bundle.</p>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: left">Technology</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: left">Native</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: left">Native</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: left">Native & Flutter</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: left">Flutter</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: left">React Native</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: left">React Native</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (formerly Blockfolio)</td>
<td style="text-align: left">React Native</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: left">Web</td>
</tr>
</tbody>
</table>
<ul class="notice--warning">
<li>A lot of alternative technologies are used</li>
<li>Native is not the most common implementation</li>
<li>3 React Native Apps and 2 Flutter Apps</li>
</ul>
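<p>A sketch of hint-based detection over the file list of an IPA, as an added example (not AppScan's code). The marker paths are assumptions based on how each toolchain commonly packages an App, the "Web" category is not covered, and the sample archives are constructed.</p>

```python
import io
import zipfile

# Assumed packaging markers, relative to Payload/<Name>.app/. They are common
# conventions of each toolchain, not AppScan's own rule set.
MARKERS = {
    "Flutter": ("Frameworks/Flutter.framework/",
                "Frameworks/App.framework/flutter_assets/"),
    "React Native": ("main.jsbundle",),
    "Cordova": ("www/cordova.js",),
    "Xamarin": ("Xamarin.iOS.dll", "mscorlib.dll"),
}


def bundle_paths(ipa_bytes):
    """List file paths relative to the .app directory inside an IPA (a zip)."""
    paths = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            if len(parts) > 2 and parts[0] == "Payload" and parts[1].endswith(".app"):
                relative = "/".join(parts[2:])
                if relative:
                    paths.append(relative)
    return paths


def marker_hit(path, marker):
    """Directory markers (trailing slash) match by prefix, files exactly."""
    return path.startswith(marker) if marker.endswith("/") else path == marker


def detect_technologies(paths):
    """Map each detected technology to the bundle paths that gave it away."""
    found = {}
    for technology, markers in MARKERS.items():
        evidence = sorted(p for p in paths if any(marker_hit(p, m) for m in markers))
        if evidence:
            found[technology] = evidence
    # No cross-platform marker at all: classify as native by elimination.
    return found or {"Native": []}


def make_ipa(files):
    """Build a constructed in-memory IPA containing empty files."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as ipa:
        for path in files:
            ipa.writestr("Payload/Demo.app/" + path, b"")
    return buffer.getvalue()


# Constructed sample archives (not real Apps).
FLUTTER_IPA = make_ipa(["Info.plist", "Demo",
                        "Frameworks/Flutter.framework/Flutter",
                        "Frameworks/App.framework/flutter_assets/AssetManifest.json"])
REACT_IPA = make_ipa(["Info.plist", "Demo", "main.jsbundle"])
NATIVE_IPA = make_ipa(["Info.plist", "Demo", "Assets.car"])

if __name__ == "__main__":
    for label, ipa in [("flutter", FLUTTER_IPA), ("react", REACT_IPA), ("native", NATIVE_IPA)]:
        print(label, detect_technologies(bundle_paths(ipa)))
```

<p>Returning the evidence paths along with the label lets a reviewer check why a bundle was classified the way it was.</p>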
<h2 id="minimal-ios-version">Minimal iOS version</h2>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: center">Minimal iOS version</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: center">11.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: center">11.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: center">11.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (formerly Blockfolio)</td>
<td style="text-align: center">11.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: center">12.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: center">12.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: center">12.0</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: center">13.0</td>
</tr>
</tbody>
</table>
<ul class="notice--warning">
<li>Crypto.com requires iOS 13.0, which is not a bad idea, but you lose some % of devices</li>
</ul>
<h2 id="app-size">App Size</h2>
<p>App size is important: a smaller App is easily installed and not limited by the network.<br />
It is also less likely to be the 1st application uninstalled when the device runs low on space.</p>
<table>
<thead>
<tr>
<th style="text-align: left">App</th>
<th style="text-align: left">Size</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/ftx.webp" width="50" height="50" /> FTX (formerly Blockfolio)</td>
<td style="text-align: left">28 Mb</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/zengo.webp" width="50" height="50" /> ZenGo: Crypto & Bitcoin Wallet</td>
<td style="text-align: left">56 Mb</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinbase.webp" width="50" height="50" /> Coinbase: Buy Bitcoin & Ether</td>
<td style="text-align: left">66 Mb</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/coinmarkercap.webp" width="50" height="50" /> CoinMarketCap</td>
<td style="text-align: left">70 Mb</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/etoro money.webp" width="50" height="50" /> eToro Money</td>
<td style="text-align: left">79 Mb</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/metamask.webp" width="50" height="50" /> MetaMask - Blockchain Wallet</td>
<td style="text-align: left">117 Mb</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/crypto.com.webp" width="50" height="50" /> Crypto.com - Buy Bitcoin, ETH</td>
<td style="text-align: left">246 Mb</td>
</tr>
<tr>
<td style="text-align: left"><img src="/assets/images/ios-apps/binance.webp" width="50" height="50" /> Binance: Buy Bitcoin & Crypto</td>
<td style="text-align: left">540 Mb</td>
</tr>
</tbody>
</table>
<ul class="notice--warning">
<li>Binance, why is it so big?
<ul>
<li>a lootttt of assets in a lot of internal frameworks.</li>
</ul>
</li>
<li>Crypto.com, why is it so big?
<ul>
<li>a lot of assets (big ones) … maybe time to migrate to more vector-based integrations</li>
</ul>
</li>
</ul>
MORISSARD Jérôme hello@appscan-hq.com
Apple Transport Security or not
2022-08-11T00:00:00+02:00
https://appscan-hq.com/app-transport-security
<p>On iOS, network exchanges are an important layer of security.<br />
This layer is used by the App when performing network requests with:</p>
<ul>
<li>URLSession,</li>
<li>URLConnection,</li>
<li>WKWebView loading,</li>
<li>Third-party libraries (Alamofire, AFNetworking)</li>
</ul>
<p>Using our current database, we discovered that 48% of iOS Apps have removed or disabled this protection.</p>
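<p>iOS reads an App's transport security settings from the <code>NSAppTransportSecurity</code> dictionary of its Info.plist. The audit below is an added example (not AppScan's code) that separates a global opt-out from scoped per-domain exceptions; the severity labels and the sample plists are constructed for illustration.</p>

```python
import plistlib

# ATS sub-keys that scope an exemption instead of switching ATS off globally.
NARROW_KEYS = (
    "NSAllowsArbitraryLoadsInWebContent",
    "NSAllowsArbitraryLoadsForMedia",
    "NSAllowsLocalNetworking",
)
WEAK_TLS = {"TLSv1.0", "TLSv1.1"}  # below the ATS default of TLSv1.2


def audit_ats(info_plist):
    """Return (severity, scope, message) findings for one Info.plist (bytes)."""
    info = plistlib.loads(info_plist)  # accepts XML and binary plists
    ats = info.get("NSAppTransportSecurity")
    if not isinstance(ats, dict):
        return []  # key absent: the system defaults stay in force

    findings = []
    narrow = [key for key in NARROW_KEYS if key in ats]
    if ats.get("NSAllowsArbitraryLoads") is True:
        if narrow:
            # On iOS 10 and later the global switch is ignored when one of
            # the narrower keys is present, so report it as informational.
            findings.append(("info", "global",
                             "NSAllowsArbitraryLoads overridden by " + ", ".join(narrow)))
        else:
            findings.append(("high", "global", "ATS disabled for every connection"))
    for key in NARROW_KEYS[:2]:
        if ats.get(key) is True:
            findings.append(("medium", "global", key + " permits insecure loads"))

    domains = ats.get("NSExceptionDomains") or {}
    for domain in sorted(domains):
        rule = domains[domain]
        if not isinstance(rule, dict):
            continue
        if rule.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(("medium", domain, "cleartext HTTP allowed"))
        tls = rule.get("NSExceptionMinimumTLSVersion")
        if tls in WEAK_TLS:
            findings.append(("medium", domain, "minimum TLS lowered to " + tls))
        if rule.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(("low", domain, "forward secrecy not required"))
    return findings


# Constructed sample Info.plist files (not taken from any real App).
DEFAULT = plistlib.dumps({"CFBundleIdentifier": "com.example.demo"})
DISABLED = plistlib.dumps({"NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}})
WEB_ONLY = plistlib.dumps({"NSAppTransportSecurity": {
    "NSAllowsArbitraryLoads": True,
    "NSAllowsArbitraryLoadsInWebContent": True,
}})
SCOPED = plistlib.dumps({"NSAppTransportSecurity": {"NSExceptionDomains": {
    "legacy.example.com": {
        "NSExceptionAllowsInsecureHTTPLoads": True,
        "NSExceptionMinimumTLSVersion": "TLSv1.0",
        "NSIncludesSubdomains": True,
    },
}}}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for name, sample in [("default", DEFAULT), ("disabled", DISABLED),
                         ("web-only", WEB_ONLY), ("scoped", SCOPED)]:
        print(name, audit_ats(sample))
```

<p>Counting only the "high" findings gives the number of Apps that switch the protection off entirely, while the per-domain findings show Apps that narrowed it for specific hosts.</p>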
<p><img src="/assets/images/ATT-48pourcent.png" alt="" class="full" /></p>
MORISSARD Jérôme hello@appscan-hq.com
AppScan - data collection
2022-07-11T00:00:00+02:00
https://appscan-hq.com/data-collection
<p>I started to work on that project some years ago. I was working on another project, RocketSkill, a quiz App for tech recruiters.<br />
I was trying to aggregate a lot of data to get a global vision of the AppStore and give some recommendations to new iOS developers.<br />
What libraries are important to know? How to improve my learning curve on the platform?</p>
<p>After some months, I was able to generate a first list of frameworks sorted by usage on the AppStore.<br />
It was already fun to discover some new frameworks using this method.</p>
<p>Finally, I decided to continue my research on the ipa structure & organization, and in the end I built the AppScan tool to collect & organize the App data.</p>
<ul>
<li>Environment
<ul>
<li>Xcode version</li>
<li>Service env urls</li>
<li>App technology</li>
</ul>
</li>
<li>App configuration
<ul>
<li>Apple Info.plist Keys</li>
<li>Extra Info.plist Keys</li>
<li>Permissions</li>
</ul>
</li>
<li>Resources
<ul>
<li>Assets missing 1x 2x 3x</li>
<li>Assets organization</li>
<li>Languages supports</li>
<li>Third-party libraries</li>
<li>Apple libraries</li>
</ul>
</li>
<li>Security
<ul>
<li>risky files</li>
<li>Bad configurations</li>
<li>Bad environments</li>
<li>Schemes</li>
</ul>
</li>
<li>Extra features
<ul>
<li>Extensions</li>
<li>Entitlemented features</li>
<li>Cool Apple featured SDK : ARKit, SwiftUI</li>
</ul>
</li>
</ul>
MORISSARD Jérôme hello@appscan-hq.com
AppScore - definition
2022-07-01T00:00:00+02:00
https://appscan-hq.com/appscore-definition
<p><strong>Why?</strong><br />
We have created an AppScore:</p>
<ul>
<li>To be more objective when judging an App</li>
<li>To detect the strengths and weaknesses of the App</li>
<li>To be able to compare Apps</li>
</ul>
<p>AppScore computation is the sum of multiple scores:</p>
<p><strong>App environment</strong> - Xcode version can be detected. It’s interesting to see the adoption of the most recent version of Xcode to adapt the App to new iOS features.</p>
<p><strong>Technology used for the development</strong> - The major technology used for the App development can be evaluated using some packaging hints.</p>
<p><strong>App minimal iOS version</strong> - Gives an estimate of the number of reachable devices</p>
<p><strong>App size</strong> - Is it big or not? And detect why</p>
<p><strong>App permissions</strong> - Gives an interesting hint of the possible features of the App</p>
<p><strong>App supported languages</strong> - Gives a better view of the targeted users</p>
<p><strong>App resources</strong> - Discover some optimizations and packaging errors</p>
<p><strong>App libraries</strong> - A very technical view of the App's technical stack, which lets us guess some features and the development strategy</p>
<p><strong>App security</strong> - God dam shit</p>
<p><strong>App - interactions with other Apps</strong> - Users like to have their preferences considered</p>
<p><strong>App - interactions with the iOS system</strong> - Yeah! Very good points to be loved by Apple and maybe the Users</p>
MORISSARD Jérôme hello@appscan-hq.com
App Technologies
2022-06-28T00:00:00+02:00
https://appscan-hq.com/app-technologies
<p>For 10 years we have seen a lot of cross-platform technologies.<br />
Every time, there are some reasons to select an alternative technology.</p>
<ul>
<li>Reduce the cost of the App</li>
<li>Use the internal resources to develop the App</li>
<li>Recruitment too complex</li>
</ul>
<p>For several years, with the maturity of some challengers, I was wondering if I was missing something.<br />
That’s why I have made this analysis of the AppStore.</p>
<p>The alternatives are :</p>
<ul>
<li><a href="https://dotnet.microsoft.com/en-us/apps/xamarin">Native</a> (Apple)</li>
<li><a href="https://reactnative.dev/">React Native</a> (Facebook)</li>
<li><a href="https://flutter.dev/">Flutter</a> (Google)</li>
<li><a href="https://cordova.apache.org/">Cordova</a> (Adobe Systems)</li>
<li><a href="https://dotnet.microsoft.com/en-us/apps/xamarin">Xamarin</a> (Microsoft)</li>
</ul>
<p>We have collected the analysis of 3334 apps</p>
<table>
<thead>
<tr>
<th style="text-align: left">Technology</th>
<th style="text-align: center">Number of Apps</th>
<th style="text-align: right">%</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">Native</td>
<td style="text-align: center">2494</td>
<td style="text-align: right">75%</td>
</tr>
<tr>
<td style="text-align: left">React Native</td>
<td style="text-align: center">420</td>
<td style="text-align: right">12%</td>
</tr>
<tr>
<td style="text-align: left">Flutter</td>
<td style="text-align: center">159</td>
<td style="text-align: right">5%</td>
</tr>
<tr>
<td style="text-align: left">Cordova</td>
<td style="text-align: center">107</td>
<td style="text-align: right">3%</td>
</tr>
<tr>
<td style="text-align: left">Xamarin</td>
<td style="text-align: center">34</td>
<td style="text-align: right">1%</td>
</tr>
<tr>
<td style="text-align: left">Web</td>
<td style="text-align: center">120</td>
<td style="text-align: right">3%</td>
</tr>
</tbody>
</table>
<p><strong>This picture of the store is interesting!</strong></p>
<ul class="notice--warning">
<li>Native development is dominating.</li>
<li>At least <span>25%</span> of the Apps of the AppStore are not native!</li>
<li>2 technologies are dominating: Flutter & React Native.</li>
<li>React Native is adopted 2x more than Flutter.</li>
</ul>
MORISSARD Jérôme hello@appscan-hq.com