Last week, the well-known iOS security receiver named @ i0n1c
announced the placement in the App Store of a useful system tool for iOS called SysSecInfo - System and Security Info, which immediately received a lot of positive feedback from iOS security professionals and ordinary users. The tool allows you to show the user a lot of useful information about its mobile OS, including the microprocessor load level, memory and disk usage, information about running processes, as well as the presence of hidden jailbreak and malware on the device.
SysSecInfo differs from other similar tools by the accuracy of the displayed information about the use of the microprocessor and memory, as well as such unique functions as information about running applications on iOS 9 (including the SHA1 hash of the image and digital signature information), detection of the jailbreak status and the presence of anomalies in the system. The application provided users with so detailed and valuable information about iOS that Apple thought it would be too much and decided to remove SysSecInfo from the App Store.
The link that previously led
to the SysSecInfo in the App Store is no longer relevant, as the application itself, which disappeared from the App Store. A copy of the web page with information about the application can be obtained from this link
(cache). The application was available for download for 99 eurocents.
Fig. SysSecInfo interface (on the left is statistics on usage of microprocessor and memory by applications, on the right is a link to system information).
Fig. Full range of features provided by the application.
On the official website of the
application, it is indicated that SysSecInfo is the only application in the App Store that can display a list of processes running in iOS 9. Since Apple has introduced additional restrictions that block attempts to obtain a list of processes, which makes the work of other similar tools useless.
Fig. An example of the application on the iPod Touch with Taig jailbreak. On the right screen you can see a lot of anomalies, which clearly means the presence of a jailbreak in the system.
SysSecInfo may show anomalies present in the system, i.e., various deviations in the iOS environment that indicate the presence of unwanted or illegitimate applications. The list of anomalies includes the following items: checking the legitimacy of the digital signature flags of running applications; system applications use an encrypted container for their work and are not running under the control of the debugger. Another point of anomaly detection allows affirmatively to say that iOS security mechanisms can still detect applications that are not digitally signed.
Fig. List of running processes in SysSecInfo.
Removing the SysSecInfo tool from the App Store once again shows the iOS closed level for access from the outside and the fact that an application can be removed from the app store at the request of Apple even if it has passed all the built-in security checks in the App Store.
See also Apple Chucks Anti-Hacker Tool From the For Just One Week App Store www.forbes.com/sites/thomasbrewster/2016/05/16/apple-stefan-esser-security-app-fight