[Security] Process MobSF audits for v0.16.0 of Design System Toolbox app #854

@pylapp

Context

The IPA for the Design System Toolbox app (version 0.16.0) has been uploaded and is available through the App Store.
Our internal stores management service uses MobSF to make security audits on the app.
This service shares the report attached, with a score of 64/100 and some elements to check.

Definition of Done

  • IPA BINARY CODE ANALYSIS n°1 (use of fopen, memcpy, sscanf). Not used directly in the app by our code, but maybe by Apple API or third-parties
  • IPA BINARY CODE ANALYSIS n°2 (use of malloc). Not used directly in the app by our code, but maybe by Apple API or third-parties
  • IPA BINARY ANALYSIS RPATH: check use of @rpath and remove if possible
  • IPA BINARY ANALYSIS ENCRYPTED: encipher the binary

Resources

Design System Toolbox_0.16.0-1751882414.pdf

Labels

  • 📱 demo app: Update of the Demo App
  • 🔍 triage: A new issue that needs to be treated
  • 🚨 security: Security-related topics (MobSF reports, CVE, Renovate, GitLeaks, etc.)