SecureBank is a deliberately vulnerable iOS mobile banking app built with React Native. Designed for educational use in iOS penetration testing, this app simulates real-world flaws found in iOS applications, making it perfect for training with Frida, Objection, and MobSF.
This app is intentionally insecure. It is for educational and authorized testing only. Do not connect to real banking APIs, use real credentials, or deploy in production environments.
SecureBank replicates vulnerable logic and insecure storage patterns commonly seen in iOS applications to support security researchers, students, and red teams.
Built to be tested with:
- 🧬 Frida
- 🔍 Objection
- 🧰 MobSF
- 📡 Burp Suite
- 🧠 Ghidra
Vulnerability | Description |
---|---|
🔐 Hardcoded Secrets | API keys and credentials embedded directly in source code |
🔓 Login Bypass | Authentication logic handled entirely on the client |
📁 Insecure Storage | Sensitive user data stored in plaintext in AsyncStorage |
🧾 No SSL Pinning | API traffic uses HTTP; no certificate validation |
📱 Jailbreak Bypass | Detection logic trivially bypassable using Frida or Objection |
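Three rows of the table (hardcoded secrets, plaintext AsyncStorage, cleartext HTTP) can be caught in code review with a simple source audit. The script below is an added example, not part of SecureBank; its rule ids, regexes and sample source are constructed for illustration, and the keyword heuristics are assumptions to tune per code base.

```javascript
// Added example: static audit for three rows of the vulnerability table.
// Rule ids, regexes and SAMPLE are constructed; none of this is SecureBank code.
const RULES = [
  // String literal assigned to a name that suggests a credential.
  { id: 'hardcoded-secret',
    re: /\b\w*(api[_-]?key|secret|password|token)\w*\s*[:=]\s*(['"`])[^'"`]{6,}\2/i },
  // AsyncStorage.setItem() with a key name that suggests sensitive data.
  { id: 'plaintext-asyncstorage',
    re: /AsyncStorage\.setItem\(\s*(['"`])[^'"`]*(token|password|account|session)[^'"`]*\1/i },
  // Cleartext http:// URL in a string literal, loopback excluded.
  { id: 'cleartext-http',
    re: /(['"`])http:\/\/(?!localhost|127\.0\.0\.1)[^'"`\s]+/i },
];

// Returns [{ rule, line, text }] for every rule hit, skipping comment-only lines.
function auditSource(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    if (text.trim().startsWith('//')) return;
    for (const { id, re } of RULES) {
      if (re.test(text)) findings.push({ rule: id, line: i + 1, text: text.trim() });
    }
  });
  return findings;
}

// Constructed React Native source showing the flagged patterns.
const SAMPLE = [
  "import AsyncStorage from '@react-native-async-storage/async-storage';",
  "const API_KEY = 'sk_test_constructed_value';",
  "const BASE_URL = 'http://api.example.test/v1';",
  "// const OLD_URL = 'http://old.example.test';",
  "async function saveSession(t) {",
  "  await AsyncStorage.setItem('authToken', t);",
  "  await AsyncStorage.setItem('theme', 'dark');",
  "}",
].join('\n');

for (const f of auditSource(SAMPLE)) {
  console.log(`${f.line}: [${f.rule}] ${f.text}`);
}
```

Findings like these point to the usual fixes: move secrets out of the bundle, keep session material in the iOS Keychain instead of AsyncStorage, and serve the API over HTTPS.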
- macOS with Xcode installed
- Node.js
- CocoaPods: `sudo gem install cocoapods`
- React Native CLI (`npm install -g react-native-cli`)
```bash
# Clone the repo
git clone https://github.com/NE4TRON/SecureBank.git
cd SecureBank

# Install Node dependencies
npm install

# Install iOS native dependencies
cd ios && pod install && cd ..

# Run the app on iOS simulator
npx react-native run-ios
```