Abstract

Developers need to be able to update mobile apps immediately on discovery of a critical issue, which the Apple iOS software patching system does not allow through its traditional app patching lifecycle. Two tools have been developed to solve this problem, one commercial and one open source. Both employ JavaScript and dynamic code downloads and provide a method for users to receive immediate updates, but both have the potential to be abused and open the user to multiple security vulnerabilities. This paper will discuss how the tools JSPatch and Rollout.io, open-source and commercial respectively, enable quick updates but also expose users to multiple security vulnerabilities.

Published in: International Conference on Information Society (i-Society 2017)

  • Date of Conference: 17-19 July 2017
  • DOI: 10.2053/iSociety.2017.0017
  • ISBN: 978-1-908320-80-3
  • Conference Location: Dublin, Ireland