Broken Authorization in iOS
Description
Failing to treat a mobile application the way you would treat a web application, that is, as an untrusted client, opens the door to a number of authentication and authorization issues. In both cases the user ends up with the actual source code of the app in some form or another. Relying solely on the fact that some particular functionality or piece of information is not reachable by an unauthenticated user through the regular app interface is not enough; the same functionality must also be secured on the backend.
Vulnerable example
Imagine that an application exposes some functionality to other apps via a custom URL scheme. The assumption that the callers of this feature are trusted parties is flawed: any app on the device can open such a URL, so extra care must be taken not to leak any of the privileges of the properly authenticated user to whoever invokes the custom URL.
Impact
Applications affected by these authentication issues enable malicious users to impersonate other users.
Prevention
Just as client-side-only validation is not enough to secure a web application, the checks and restrictions enforced in the mobile application must be replicated accordingly on the backend server.
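The following added example (not code from the original page) models both the vulnerable scenario above and the prevention advice: a deep link such as myapp://export?account_id=... is parsed the way an iOS URL-scheme handler would parse it and forwarded, with the logged-in user's session token, to a simulated backend. The scheme name, the export action, the session tokens and the account data are all constructed for illustration. The first backend only authenticates the caller and trusts that the app already checked ownership; the hardened one derives the user from the session and repeats the ownership check server-side.

```python
"""Backend-side authorization for an action reachable through an iOS custom
URL scheme. The myapp:// scheme, the export action and all data below are
constructed for this example."""
from urllib.parse import parse_qs, urlparse

# Constructed sample state: session tokens -> authenticated user,
# accounts -> owner and balance.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
ACCOUNTS = {
    "acct-1": {"owner": "alice", "balance": 120},
    "acct-2": {"owner": "bob", "balance": 40},
}


class AuthorizationError(Exception):
    """Raised when the backend refuses the request."""


def parse_deep_link(url):
    """Parse a myapp:// URL into (action, params).

    Everything returned here is untrusted input: any app on the device can
    open such a URL, so the parameters carry no authorization by themselves.
    """
    parts = urlparse(url)
    if parts.scheme != "myapp":
        raise ValueError("unexpected scheme")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return parts.netloc, params


def export_statement_vulnerable(token, params):
    """Backend that relies on the app's own restrictions.

    It checks that the caller is logged in, then serves whichever account the
    client asked for. The app's UI never offers another user's account, but
    the deep link bypasses that UI entirely.
    """
    if token not in SESSIONS:
        raise AuthorizationError("not authenticated")
    return ACCOUNTS[params["account_id"]]["balance"]


def export_statement(token, params):
    """Hardened backend: identity comes from the session, and the ownership
    restriction enforced in the app is replicated here."""
    user = SESSIONS.get(token)
    if user is None:
        raise AuthorizationError("not authenticated")
    account = ACCOUNTS.get(params.get("account_id", ""))
    # One response for "does not exist" and "not yours" so that account ids
    # cannot be enumerated through the error message.
    if account is None or account["owner"] != user:
        raise AuthorizationError("forbidden")
    return account["balance"]


def app_open_url(url, token, backend):
    """Simulates the iOS app's URL handler: it parses the link and forwards
    the parameters to the backend together with the current user's token."""
    action, params = parse_deep_link(url)
    if action != "export":
        raise ValueError("unknown action")
    return backend(token, params)


def is_denied(url, token, backend):
    """True when the backend refuses the deep link for this session."""
    try:
        app_open_url(url, token, backend)
    except AuthorizationError:
        return True
    return False


if __name__ == "__main__":
    own = "myapp://export?account_id=acct-1"
    other = "myapp://export?account_id=acct-2"
    print("alice, own account:", app_open_url(own, "tok-alice", export_statement))
    print("vulnerable backend, alice asks for bob's account:",
          app_open_url(other, "tok-alice", export_statement_vulnerable))
    print("hardened backend denies it:", is_denied(other, "tok-alice", export_statement))
```

The important design choice is that the hardened handler never uses the client-supplied account id as a source of authority: the user is resolved from the session, and the id is only honoured after the server has confirmed that this user owns the account. Whatever the app enforces in its own interface, the deep link can skip it, so the backend has to make the same decision independently.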
References
MITRE - CWE 285 - Improper Authorization
OWASP Top 10 2021 - Broken Access Control