iOS UIActivity Sharing

PreviousiOS Testing Environment NextiOS Universal Links

Last updated 7 months ago

iOS UIActivity Sharing

Learn & practice AWS Hacking: Learn & practice GCP Hacking:

Support HackTricks

Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.

From iOS 6 onwards, third-party applications have been enabled to share data such as text, URLs, or images using mechanisms like AirDrop, as outlined in Apple's . This feature manifests through a system-wide share activity sheet that surfaces upon interacting with the "Share" button.

A comprehensive enumeration of all the built-in sharing options is available at . Developers may opt to exclude specific sharing options if they deem them unsuitable for their application.

Attention should be directed towards:

The nature of the data being shared.
The inclusion of custom activities.
The exclusion of certain activity types.

Sharing is facilitated through the instantiation of a UIActivityViewController, to which the items intended for sharing are passed. This is achieved by calling:

$ rabin2 -zq Telegram\ X.app/Telegram\ X | grep -i activityItems
0x1000df034 45 44 initWithActivityItems:applicationActivities:

Developers should scrutinize the UIActivityViewController for the activities and custom activities it's initialized with, as well as any specified excludedActivityTypes.

How to Receive Data

The following aspects are crucial when receiving data:

The declaration of custom document types.
The specification of document types the app can open.
The verification of the integrity of the received data.

Without access to the source code, one can still inspect the Info.plist for keys like UTExportedTypeDeclarations, UTImportedTypeDeclarations, and CFBundleDocumentTypes to understand the types of documents an app can handle and declare.

Dynamic Testing Approach

To test sending activities, one could:

Hook into the init(activityItems:applicationActivities:) method to capture the items and activities being shared.
Identify excluded activities by intercepting the excludedActivityTypes property.

For receiving items, it involves:

Sharing a file with the app from another source (e.g., AirDrop, email) that prompts the "Open with..." dialogue.
Hooking application:openURL:options: among other methods identified during static analysis to observe the app's response.
Employing malformed files or fuzzing techniques to evaluate the app's robustness.

References

Support HackTricks

PreviousiOS Testing Environment NextiOS Universal Links

Last updated 7 months ago

Learn & practice AWS Hacking: Learn & practice GCP Hacking:

Support HackTricks

Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.

A comprehensive enumeration of all the built-in sharing options is available at . Developers may opt to exclude specific sharing options if they deem them unsuitable for their application.

Attention should be directed towards:

The nature of the data being shared.
The inclusion of custom activities.
The exclusion of certain activity types.

Sharing is facilitated through the instantiation of a UIActivityViewController, to which the items intended for sharing are passed. This is achieved by calling:

$ rabin2 -zq Telegram\ X.app/Telegram\ X | grep -i activityItems
0x1000df034 45 44 initWithActivityItems:applicationActivities:

Developers should scrutinize the UIActivityViewController for the activities and custom activities it's initialized with, as well as any specified excludedActivityTypes.

How to Receive Data

The following aspects are crucial when receiving data:

The declaration of custom document types.
The specification of document types the app can open.
The verification of the integrity of the received data.

A succinct guide on these keys is available on , highlighting the importance of defining and importing UTIs for system-wide recognition and associating document types with your app for integration in the "Open With" dialogue.

Dynamic Testing Approach

To test sending activities, one could:

Hook into the init(activityItems:applicationActivities:) method to capture the items and activities being shared.
Identify excluded activities by intercepting the excludedActivityTypes property.

For receiving items, it involves:

Sharing a file with the app from another source (e.g., AirDrop, email) that prompts the "Open with..." dialogue.
Hooking application:openURL:options: among other methods identified during static analysis to observe the app's response.
Employing malformed files or fuzzing techniques to evaluate the app's robustness.

References

Learn & practice AWS Hacking: Learn & practice GCP Hacking:

Support HackTricks

Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.