[adamdoupe]

A postdoc in my lab published an academic paper that did exactly this: automated static analysis of iOS compiled binaries for privacy violations.

As far as I know Apple was not interested.

Here's the paper if you want to take a look: http://seclab.cs.ucsb.edu/media/uploads/papers/egele-ndss11....

[0x0]

Interesting. Quick question, how would you deal with things that call APIs via, for example, NSSelectorFromString, where the String is built in an obfuscated way?

(I'll go back and read the paper in more detail soon)

[adamdoupe]

As I remember, the analysis doesn't handle calls that can't be determined statically.

So the analysis would fail to determine the method and class of a obfuscated string.