Add new v2 Technique for iOS dynamic analysis on non-jailbroken devices #3724

@Galaxy-sc

Description

Problem Description

As the project is currently migrating tests to v2 (MASTG Test v1 -> v2 milestones), it is crucial to have up-to-date Techniques that these new tests can reference.
Currently, the MASTG heavily assumes the tester has a jailbroken device or access to the app's source code for dynamic analysis. There is a noticeable gap regarding modern, real-world black-box penetration testing on non-jailbroken devices, particularly concerning iOS 16+ Developer Mode restrictions and standard App Store IPA extraction methods.

Proposed Solution

I propose adding a new Technique to the iOS testing guide that covers the end-to-end process of non-jailbroken dynamic analysis. This Technique can be referenced by various tests currently being ported to v2 (especially within MASVS-RESILIENCE and MASVS-CODE).

The proposed technique will cover:

  1. Extraction: Obtaining the decrypted IPA directly from the App Store using Apple Configurator on macOS.
  2. Environment Setup: Enabling and troubleshooting Developer Mode (mandatory for iOS 16+ when dealing with get_task_allow).
  3. Instrumentation: Patching, re-signing, and sideloading the application with FridaGadget for dynamic analysis on a stock device.

Willingness to Contribute

I have practical experience with these challenges and am ready to write the documentation. If the maintainers agree this is a valuable addition to the MASTG v2 architecture, please assign this issue to me.
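The three steps above (pulling a decrypted IPA, enabling Developer Mode for `get_task_allow`, and sideloading a build that embeds FridaGadget) each produce a Mach-O artifact a tester will want to sanity-check before spending time on a device. The following script is an added example, written for this discussion and not code from the issue author or from the MASTG project. It parses a thin, little-endian Mach-O's load commands and reports whether App Store encryption is still present (`LC_ENCRYPTION_INFO[_64].cryptid != 0`, so the binary is not yet usable for analysis) and which dylibs the binary loads, so an injected gadget can be confirmed as an `LC_LOAD_DYLIB` entry. The `build_sample_macho` helper constructs a header-only Mach-O purely so the script runs offline; the `FridaGadget` name it looks for is an assumption matching the usual gadget file name, not something the issue specifies.

```python
#!/usr/bin/env python3
"""Inspect a thin Mach-O binary for two things a non-jailbroken dynamic
analysis workflow cares about: whether FairPlay encryption is still in
place (LC_ENCRYPTION_INFO[_64].cryptid != 0) and which dynamic libraries
the binary loads (an injected FridaGadget shows up as a load command).
Stdlib only, little-endian thin Mach-O only; fat/universal files are rejected."""
import struct
import sys

MH_MAGIC = 0xFEEDFACE        # 32-bit Mach-O
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit Mach-O
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_REEXPORT_DYLIB = 0x8000001F
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB}


def inspect_macho(data: bytes) -> dict:
    """Walk the load commands; return bits, encryption state and dylib paths.

    "encrypted" is None when no LC_ENCRYPTION_INFO command exists at all
    (e.g. a developer build that never went through App Store encryption)."""
    if len(data) < 28:
        raise ValueError("too short to be a Mach-O header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC_64:
        bits, header_size = 64, 32      # mach_header_64 has a trailing reserved field
    elif magic == MH_MAGIC:
        bits, header_size = 32, 28
    else:
        raise ValueError(f"unsupported magic 0x{magic:08x} (fat or big-endian file?)")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    result = {"bits": bits, "encrypted": None, "dylibs": []}
    off = header_size
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("load command runs past end of file")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > header_size + sizeofcmds:
            raise ValueError("malformed load command size")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # layout: cmd, cmdsize, cryptoff, cryptsize, cryptid[, pad]
            cryptid = struct.unpack_from("<I", data, off + 16)[0]
            result["encrypted"] = cryptid != 0
        elif cmd in DYLIB_CMDS:
            # dylib_command: cmd, cmdsize, lc_str name offset, timestamp, versions;
            # the NUL-terminated path lives at name_off from the command start
            name_off = struct.unpack_from("<I", data, off + 8)[0]
            raw = data[off + name_off: off + cmdsize]
            result["dylibs"].append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        off += cmdsize
    return result


def gadget_loaded(info: dict, gadget_name: str = "FridaGadget") -> bool:
    """True if any load-dylib command references the gadget (name is an assumption)."""
    return any(gadget_name in path for path in info["dylibs"])


def build_sample_macho(cryptid: int, dylibs) -> bytes:
    """Construct a minimal 64-bit Mach-O (header + load commands only).
    Constructed test input for offline demonstration, not a loadable binary."""
    cmds = b""
    for path in dylibs:
        name = path.encode() + b"\0"
        padded = name + b"\0" * (-len(name) % 8)    # keep cmdsize 8-byte aligned
        cmds += struct.pack("<IIIIII", LC_LOAD_DYLIB, 24 + len(padded),
                            24, 2, 0x10000, 0x10000) + padded
    cmds += struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    # mach_header_64: magic, cputype (ARM64), cpusubtype, filetype (MH_EXECUTE),
    # ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2,
                         len(dylibs) + 1, len(cmds), 0, 0)
    return header + cmds


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:   # no path given: demonstrate on a constructed, already-patched sample
        data = build_sample_macho(0, ["/usr/lib/libSystem.B.dylib",
                                      "@executable_path/Frameworks/FridaGadget.dylib"])
    info = inspect_macho(data)
    print(f"{info['bits']}-bit Mach-O; encrypted: {info['encrypted']}")
    for path in info["dylibs"]:
        print("  loads", path)
    print("gadget present:", gadget_loaded(info))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the main executable inside `Payload/<App>.app/` of an extracted IPA: `encrypted: True` means the Apple Configurator step did not yield a decrypted binary and instrumentation will not work; `gadget present: False` on a supposedly patched build means the re-signing/patching step dropped the load command.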
