The plist files are convenient to use and can be used to store standard data types, such as integer, strings, and so on. Many times a developer makes the mistake of saving sensitive information in plist. Many top companies' iOS app had mistakenly stored users' credentials/pin in the plist files in their earlier versions.

An attacker can easily look into these plist files for sensitive information.

We will use the ContactDetails.ipa iOS app that is provided with the code bundle of this chapter in order to demonstrate this vulnerability. Let's follow the given steps in order to identify the insecure storage vulnerability in the given iOS app: