Case Study: Large Healthcare Business Group achieves improved patient-data protection and MITM resistance for its iOS app with Apriorit

An Apriorit Case Study

Large Healthcare Business Group engaged Apriorit to assess the security of its iOS app for medical personnel (iOS 9.2+). Apriorit performed black-box penetration testing combined with reverse engineering of the app on both non-jailbroken and jailbroken devices, in order to evaluate how sensitive patient data is protected in motion and at rest and to identify risks from man-in-the-middle attacks, backup and keychain extraction, and jailbroken-device exploits.

Using traffic sniffing, keychain and backup analysis, and a proof-of-concept desktop app, Apriorit demonstrated that access tokens, credentials and sensitive data could be intercepted or recovered. It recommended SSL pinning, excluding the cache from backups, and anti-jailbreak measures. After the client implemented the fixes, Apriorit's second-round check confirmed that SSL pinning worked on non-jailbroken devices, that passwords were no longer sent in plain text, that sensitive data no longer appeared in logical or file-system acquisitions, and that overall exposure was substantially reduced. Apriorit additionally advised symmetric encryption of request and response bodies. The full assessment and recheck required 80 man-hours.
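As an added illustration of the two code-level recommendations above (this is not Apriorit's or the client's code), the following Swift sketch pins the server certificate in a URLSession delegate and marks the app's cache directory as excluded from backups. The `pinnedCertificateDER` value and the `cacheDir` location are assumed placeholders, and `SecTrustEvaluateWithError` requires iOS 12 or later.

```swift
import Foundation
import Security

// Certificate pinning via URLSessionDelegate. `pinnedCertificateDER` is an
// assumed placeholder: a real app bundles the DER bytes of the server's
// leaf (or intermediate) certificate and rotates them before expiry.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    private let pinnedCertificateDER: Data

    init(pinnedCertificateDER: Data) {
        self.pinnedCertificateDER = pinnedCertificateDER
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only handle server-trust challenges; cancel everything else.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Step 1: let the system validate the chain (CA, hostname, expiry).
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error),
              let leaf = SecTrustGetCertificateAtIndex(trust, 0) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Step 2: additionally require the presented leaf to match the pin,
        // so a certificate issued by any other CA (e.g. a proxy's) is rejected.
        let presentedDER = SecCertificateCopyData(leaf) as Data
        if presentedDER == pinnedCertificateDER {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Exclude a directory (e.g. the response cache) from iTunes/iCloud backups,
// addressing the backup-extraction finding.
func excludeFromBackup(_ directory: URL) throws {
    var url = directory
    var values = URLResourceValues()
    values.isExcludedFromBackup = true
    try url.setResourceValues(values)
}

// Assumed usage: an ephemeral session also keeps cache and cookies in memory only.
// let session = URLSession(configuration: .ephemeral,
//                          delegate: PinnedSessionDelegate(pinnedCertificateDER: pinnedDER),
//                          delegateQueue: nil)
// try excludeFromBackup(cacheDir)
```

As the recheck above notes, pinning implemented in the app only holds on non-jailbroken devices, which is why the anti-jailbreak recommendation accompanies it.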
