ios-security
Install: claude install-skill christim427-rgb/ios-agent-skills
# iOS Security Audit
Production-grade security auditing skill for iOS codebases aligned with OWASP MASVS v2.1.0. Operates pattern-first — high-confidence string/regex detection for CRITICAL issues, then semantic reasoning for HIGH/MEDIUM issues requiring data-flow understanding. Covers both Swift and Objective-C with language-appropriate detection strategies.
The audit produces a structured finding report with severity, location, MASVS mapping, risk explanation, and concrete fix. Every finding links to a MASVS control and, where applicable, a MASWE weakness ID.
## Audit Scope Overview
```
MASVS v2.1.0 — 8 Categories, 24 Controls
├── STORAGE (2) — Keychain, Data Protection, leakage vectors
├── CRYPTO (2) — Algorithms, key management, randomness
├── AUTH (3) — Protocol, local auth, step-up
├── NETWORK (2) — ATS/TLS, certificate pinning
├── PLATFORM (3) — URL schemes, WebViews, UI security
├── CODE (4) — Platform version, updates, deps, input validation
├── RESILIENCE (4) — Integrity, tampering, static/dynamic analysis
└── PRIVACY (4) — Minimization, transparency, control, lifecycle
```
## Quick Decision Trees
### What severity level applies?
```
Is the issue exploitable without physical device access?
├── YES → Is sensitive data (credentials, PII, keys) exposed?
│   ├── YES → 🔴 CRITICAL
│   └── NO → 🟡 HIGH
└── NO → Does the issue weaken defense-in-depth?
    ├── YES → 🟢 MEDIUM
    └── NO → 🔵 LOW
```
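A sketch of how the pattern-first pass and the severity tree above fit together, added here as an illustration and not taken from the skill's own code. The three regex rules, their yes/no answers to the tree's questions, the `Finding` fields and the Swift sample are all assumptions constructed for the example.

```python
import re
from collections import namedtuple

# Report fields named on this page: severity, location, MASVS mapping, risk, fix.
Finding = namedtuple("Finding", "severity location masvs risk fix")

def severity(remote: bool, sensitive: bool, weakens_did: bool) -> str:
    """The severity decision tree above, branch for branch."""
    if remote:  # exploitable without physical device access
        return "CRITICAL" if sensitive else "HIGH"
    return "MEDIUM" if weakens_did else "LOW"

# Assumed rules: (regex, MASVS category, remote, sensitive, weakens_did, risk, fix).
# The three booleans are this example's answers to the tree's questions.
RULES = [
    (re.compile(r'(?i)(aes|encryption|secret)[_-]?key\w*\s*=\s*"[^"]{8,}"'),
     "MASVS-CRYPTO", True, True, True,
     "cryptographic key embedded in the binary",
     "generate or provision the key at runtime and keep it in the Keychain"),
    (re.compile(r'"http://[^"]+"'),
     "MASVS-NETWORK", True, False, True,
     "cleartext HTTP endpoint", "use https:// and keep ATS enabled"),
    (re.compile(r'kSecAttrAccessibleAlways'),
     "MASVS-STORAGE", False, False, True,
     "Keychain item readable while the device is locked",
     "use kSecAttrAccessibleWhenUnlockedThisDeviceOnly"),
]

def scan(path: str, source: str) -> list:
    """Line-by-line pattern pass; returns one Finding per rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):  # skip comment-only lines
            continue
        for rx, masvs, remote, sensitive, did, risk, fix in RULES:
            if rx.search(line):
                findings.append(Finding(severity(remote, sensitive, did),
                                        f"{path}:{lineno}", masvs, risk, fix))
    return findings

# Constructed Swift input, not from any real project.
SAMPLE = '''\
// let secretKey = "commented-out-value"
let aesKey = "EXAMPLE-CONSTRUCTED-KEY"
let url = URL(string: "http://api.example.test/v1/items")!
let attrs = [kSecAttrAccessible: kSecAttrAccessibleAlways]
'''

if __name__ == "__main__":
    for f in scan("Sample.swift", SAMPLE):
        print(f"[{f.severity}] {f.location} {f.masvs}: {f.risk}; fix: {f.fix}")
```

A line-level regex pass like this cannot tell whether a flagged value actually reaches a sensitive sink, which is why the page reserves data-flow findings for the semantic stage.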
### Which language audit strategy to apply?
```
Do