Static Analysis of macOS Application Bundle for Territorial Affiliation

Digital protection nowadays is as important as physical security, especially when some applications on your computer are obliged to disclose your metadata. We need a way to discover potentially unwanted software with malicious connections for further decision-making regarding its removal.

During this session, we will share how to use static analysis to examine the macOS application bundle.

Let's take a look at some examples. Russia enforced Federal bills No. 374-FZ and 375-FZ, which require telecom providers to store the content of voice calls, data, images, and text messages on Russian servers for 6 months, and their metadata for 3 years. Online services such as messengers, emails and social networks that use encrypted data are required to permit the Federal Security Service (FSB) to access and read their encrypted communications.

All internet and telecom companies that have some presence in Russia must disclose these communications and metadata and "all other information necessary" to authorities without a court order.

Would you like to know how to detect applications like these? See you at our session!