Simulator Detection
Get a Demo of Blue Cedar

Simulator Detection

Simulator detection refers to techniques used in mobile apps to detect if the app is currently running in a simulator environment instead of real device hardware

Get a Demo of Blue Cedar

What Is Simulator Detection?

In the context of mobile applications and software development, developers may use simulators to test their applications on various platforms without the need for physical devices. Simulator detection refers to the process by which a mobile app identifies whether the mobile device on which it is running is a real physical device or a simulator.

What is a Simulator?

A simulator is a software program that imitates the behavior and environment of a physical computing device. It allows users to test and interact with applications or software in a controlled virtual environment that mimics the functionalities of the actual system or device without the need for the physical hardware.

Simulators play a crucial role in the development and testing of mobile apps, as they provide a safe and controlled environment for experimentation and evaluation. Developers use them to help find and fix bugs, test app performance under different conditions, and ensure compatibility of apps across various mobile devices or platforms. Additionally, simulators can be cost-effective alternatives to physical iOS hardware, allowing developers to work efficiently in a virtual environment.

Simulators and Emulators

Simulators are different from emulators, although they are often used interchangeably in casual conversations. A short description of the difference between the two is that simulators mimic the interfaces of a system while emulators recreate the hardware and systems. More details on the differences are detailed below.

  • Purpose
    • Simulators aim to model behavior and environment mainly for testing and development.
    • Emulators focus on accurately replicating the hardware for running real programs.
  • Fidelity
    • Simulators only approximate components necessary for testing.
    • Emulators strive for bit-level accuracy of hardware functions as their goal is to replicate details and nuances of device hardware more precisely.
  • Performance
    • Simulators optimize for speed and resource efficiency.
    • Emulators prioritize accuracy over performance.
  • Hardware modeling
    • Simulators model hardware conceptually at a high level.
    • Emulators model the exact hardware architecture.
  • Environment
    • Simulators provide a contained environment focused on certain functions.
    • Emulators recreate a complete machine environment.
  • Complexity
    • Simulators are simpler and more limited.
    • Emulators are more complex as they recreate entire systems.
  • Use cases
    • Simulators are generally used for app testing.
    • Emulators run production code like games and apps.

Apple provides official simulators as part of its Xcode development environment. iOS Simulator, which simulates iOS environments on Macs for testing iOS apps, and Xcode UI Simulator, which is used to test iOS/iPadOS GUIs by simulating user interactions on the desktop, are a couple of examples of Apple simulators for mobile devices.

Apple’s iOS simulator provides a simulated environment for app testing but does not offer the same level of functionality or performance as a physical iOS device or an emulator.

There are no official Android simulators. That’s because Android emulators serve a similar purpose to simulators.

How Can a Simulator Be Used To Attack a Mobile App?

The official iOS simulator provided by Apple is for app development and testing purposes and does not have built-in capabilities to be used as a tool for attacking iOS apps. The iOS simulator runs on macOS and is designed to simulate the behavior of iOS apps in a controlled virtual environment on a Mac computer.

However, it's important to note that an iOS simulator, if used in conjunction with other tools or in specific scenarios, could potentially be involved in attacks. Here are some scenarios where the iOS simulator, combined with other tools or techniques, might be used for attacks.

  • Reverse engineering. The simulator provides an environment to reverse engineer and debug the app more easily to uncover vulnerabilities.
  • Automated testing. Attackers can automate vulnerability scanning and pen testing of the app using the simulator.
  • Malware development. Malicious code can be conveniently developed and tested against the target app on the simulator.
  • Phishing. Fake or spoof apps can be quickly built using the simulator for phishing attacks.
  • API exploration. Safely experiment with different ways to manipulate or abuse app APIs and services.
  • Fraud automation. The simulator allows automating fake user accounts or transactions for scaling fraud.
  • Analysis at scale. Easily launch distributed scans and attacks on backend infrastructure from multiple simulated devices.
  • Data interception. Network traffic interception and manipulation is more convenient on the simulator.
  • Detection evasion. Avoiding detection by tools that identify simulator usage is one challenge attackers face.

How Can Simulator Detection Be Implemented?

Here are a few ways simulator detection can be implemented in iOS apps:

  • Check the device model name. The simulator uses device names like "iPhone Simulator" or "iPad Simulator" which can be checked with UIDevice.current.model.
  • Check the device name. The simulator uses names like "iPhone" or "iPad" while real devices have unique names. This can be checked with UIDevice.current.name.
  • Check the device identifier. The simulator uses identifiers like "SIMULATOR" while real devices have unique IDs. This can be checked with UIDevice.current.identifierForVendor?.uuidString.
  • Check available hardware features. The simulator lacks certain hardware like camera, GPS, accelerometer etc. You can check if they are present using the AVCaptureDevice, CLLocationManager or CMMotionManager APIs.
  • Check the existence of simulator-specific folders. The simulator has folders like Library/Caches/com.apple.dt.Xcode which will not exist on a real device.
  • Use features not supported by the simulator. Push notifications are not supported by the iOS simulator. Try registering for remote push notifications and it will fail on the simulator but succeed on real devices.
  • Check running processes. The simulator hosts processes like SimulatorBridge, SimulatorTrampoline etc. which can be checked when listing running processes.
  • Use bridging headers. Bridging headers allow mixing of Swift code with C/C++ code in an iOS project. A bridging header file is created and imported into Xcode. This file One useful C function is sysctl() which retrieves info about the running system. It takes in query strings like "hw.machine" to get hardware info. On the simulator, querying "hw.machine" may return "x86_64" while on real devices it returns the actual device chipset like "iPhone10,5".
  • Use lower level C functions. Call lower level C functions like sysctl() to check for the presence of the simulator.

The key is to check for iOS features and environment variables that are unique to the simulator environment and do not exist on real devices. A combination of checks would ensure accurate simulator detection.

Simulator detection may not be a top priority for enterprise apps distributed internally through managed app stores. However, it's still prudent for developers to incorporate simulator checks in their apps. Even enterprise apps can be vulnerable if they don't validate the runtime environment. Moreover, hackers can potentially extract and repackage enterprise apps for distribution outside the intended channels. So while the threat profile is lower, implementing proper simulator detection provides an added layer of security for internal enterprise apps as well. Ultimately, it's in the developer's interest to ensure their iOS apps are resilient against potential tampering by using runtime validations like simulator detection. Though enterprise distribution carries lower risks, building these checks into apps represents a defensive best practice.

As is the case with other detection techniques, simulator detection should be used as one layer of defense among other security measures, such as jailbreak and root detection, debug detection, tamper detection, MitM detection, and data protection.

Blue Cedar Provides Simulator Detection

logo_icon_enforce

Blue Cedar Enforce

Blue Cedar Enforce,  component of Blue Cedar Mobile App Security, provides simulator detection. Being able to detect if a mobile app is running in an simulator and then preventing the mobile app from executing is one of many mobile app security features provided by Blue Cedar Mobile App Security.

cedar_cat_no_code

Blue Cedar Enhance

Blue Cedar also provides an easy way to incorporate mobile app security, including simulator detention, into a mobile app. That is via Blue Cedar Enhance, Blue Cedar’s no-code integration service that adds new functionality to mobile apps without requiring a single line of code to be written. Blue Cedar Enhance integrates mobile app security into iOS and Android mobile app binaries, regardless of the libraries and frameworks that underpin these app binaries.
cedar_orchestrating_2022

The Blue Cedar Platform

Blue Cedar Mobile App Security and Blue Cedar Enhance are delivered by the Blue Cedar Platform, a CI/CD friendly SaaS solution that also provides deployment services, such as app import and code signing, to streamline delivery of secured mobile apps.

Cedar