iOS Application Security | Part 5 | Understanding the structure of an iOS application


This article gives a basic understanding of the structure of a typical iOS application inside the file system of an iPhone. We will try to dive deep into the “Bundle” as well as “Data” directory of an iOS application. No prerequisite knowledge is required to understand this article but walk-through of the previous articles in this series is recommended. So let’s get started.

iOS System Architecture

The iOS components that support iOS applications together with the application layer make up the architecture of an iOS application.
As shown above, the Core OS and Core Services make up the base and very strongly support the iOS application. On top of that comes the Media and Cocoa Touch which are again very essential for supporting an iOS application. All of these reside on top of the Kernel and device drivers.


Cocoa has a very important role to play for supporting an iOS application. It provides UIKit for the application to work which is essentially the USP of an iOS application.

iOS Application Architecture (.ipa)

There are three types of iOS applications:

  • Native applications uses Objective C/Swift for building the application
  • Hybrid applications use frameworks like Xamarin, Cordova etc. along with Objective C/Swift.
  • Web based applications are responsive versions of websites built for working on mobile device.

We would be currently focusing on native iOS applications. A native iOS application can use Objective C or Swift code along with any of their native libraries or frameworks available of use in iOS applications. We have learnt how to extract the IPA file of an iOS application from a jailbroken device. Let us analyse what an IPA file consists of.

The Bundle Container

The Bundle directory or the IPA container consists of all the files that come along with the application when installed from Apple’s App Store or any other source. So, the files in this directory will remain same throughout in a particular version of an application.
The structure of this directory for ‘Facebook’ application is depicted in the following screenshot.

Many important information can be obtained about the application from the files in these directories. All the possible components of the Bundle Directory of a native iOS application are explained below:
Resource Name
Resource Type
This file is used to provide information to iTunes about an iOS application using Ad Hoc distribution for either testing or Enterprise deployment.
This file contains the image that is used to represent the application in iTunes
It contains two files which hold the metadata about the IPA file.
.app Directory
This directory holds all the components of the IPA file.
Application Binary
This file contains the application’s executable code. It’s name is the same as that of the name of .app Directory excluding the extension ‘.app’.
This file is the manifest of the iOS application. It contains information about - Supported Devices, Bundle ID, Display Name, Application Transport Security etc.
Application Icon
These are the icon files of the application. There are multiple icon files (Icon.png, [email protected]) for representation of the application on devices with different resolution like iPhone, iPad etc.
Launch Images
These files (Default.png, Default-portrait.png) are used as launch screen images before the application launches. They are removed as soon as the application is ready to display the UI.
Storyboard/nib files
File / Directory
These files contain the encrypted information about the storyboard of an application.
This file contains the information that can be tweaked for the application by using the menu in the settings of the device.
Subdirectories for localized resources
These are the language-specific project directories (en.lproj, fr.lproj etc.) that help in switching the language of the application from the available languages as desired by the user of the application.
Non Localized resource files
These files include things like images, sound files, movies, and custom data files that the application uses. All these files must be placed within the .app directory.
This directory contains the file CodeResources which is used to store the signature of all files in the bundle that are signed.
This plist file contains the provisioning profile for an application. In simple words, provisioning profile acts as a link between the device and the developer account. This file contains information such as application creation date, keychain access groups etc.
This directory holds the information about the frameworks that an application uses.
This directory contains keys which are used for decrypting the app's executable. The files in this directory help in integrity checks of the application
This file contains images which the app might use to display once opened. The images are stored in an optimized format, and be only taken out using specialized tools such as the Asset Catalog Tinkerer.
This file is an alternate way to specify the type and creator codes of the application or bundle. This file is not required, but is sometimes used to improve performance for code that accesses this information.

The Data Container

The “Data” directory or the Local Data Storage container consists of the files that the developer wishes to store for the application during the time in which the application is installed on the device. The files may be used for caching information for quick access or storing offline information as a backup for resuming the application from the point at intended by the developer. So, the files in this directory and also the information in the files will keep on changing while the application is in use as coded by the developers.
The structure of this directory for ‘Facebook’ application is depicted in the following screenshot.

Very critical information about the user or the application might be obtained from these files depending on what information is intended to be stored by the developer  in this directory. Some of the possible components of the “Data” directory of an iOS application are explained below:

Parent Directory
Component  Name
This directory is used to store the data that the user needs to access from the application and the files such as pdfs downloaded at the runtime. This may also be used to store crash logs that the user gets access to at the time of giving a feedback
Application Support
This directory is used to store all app data files except those associated with the user’s documents. Sometimes it may also be used to store a modifiable copy of resources contained initially in the app’s bundle. The contents of this directory are backed up by iTunes and iCloud
This directory is used to write any app-specific support files that the application can recreate easily. The data in this directory is mostly the cache for the analytics that can be sent when required and also the server’s responses for delivering quick responses to the user’s queries.
This directory also stores the screenshot of the application in the Snapshots directory when it moves to the background in order to improve user experience.
This directory contains app-specific preference files. The main file in this directory is the file named <Bundle_ID>.plist which is used by the developers to store information using NSUserDefaults class.

This directory usually contains the backup data for an application or some other data that is intended to be deleted after a process gets over. The NSTemporaryDirectory function helps the developers write temporary data to this directory.

This directory is important only for business perspective. It provides the access to the following:

  • In-App Purchase - Offers and promotes in-app purchases for content and services.
  • Apple Music - Checks a user's Apple Music capabilities and offers a subscription.
  • Recommendations and reviews - Provide recommendations for third-party content and enable users to rate and review your app.

The iCloud Container


This directory contains data that iCloud enabled iOS applications use. The files in this directory are meant to stored and updated by the sources where a user decides to update the file from.
It consists of usually two parts:

  • Documents- The files in this directory are meant to be read and updated directly by the user. These files are backed up to iCloud regularly to keep in sync.
  • Data- These files are not meant to be edited or added directly by the user. Data may be kept in different directories as desired by the developer.


In this article, we have laid a basic foundation about the architecture of an iOS application. We are now familiar with the structure of the “Bundle” directory,  the “Data” directory as well as the iCloud directory of an iOS application. In the next article, we will use this knowledge and analyze what we can get from an IPA file.

Article Link: