Damn Vulnerable iOS Application was born from the need to have a tool where a user can test their iOS penetration testing skills in a safe and legal environment. Also, this application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.

Vulnerabilities and Challenges Include …

  • Insecure Data Storage
  • Extension Vulnerabilities
  • Attacks on third party libraries
  • Jailbreak Detection
  • Runtime Manipulation
  • Piracy Detection
  • Sensitive information in memory
  • Transport Layer Security (http, https, cert pinning)
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Security Decisions via Untrusted input
  • Side channel data leakage
  • Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 10

The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.

Get Started

Here is a tutorial on how to get started with Damn Vulnerable iOS App.


I have written a blog series on iOS Application Security. The complete list of tutorials can be found below




I have conducted hands-on training on iOS exploitation at the following conferences.

    Hack in Paris
    Positive Hack Days
    Owasp Appsec USA

& many other corporate trainings.

Please get in touch with me via the contact page for any Queries related to Trainings.


You can download the complete list of solutions from here.
However, please consider making a donation to support the project and further work ! All of your donation will be used productively in making this project better and putting more free stuff online.


Note: DVIA is available “free for personal use” only. If you want to use the app for commercial purposes, please get in touch via the contact page.

App will only work on iOS 8 or later devices, older versions of iOS are not supported. DVIA supports 64 bit devices as well.

Make sure to read this post on how to get started with using DVIA.

Version 2.0 (November, 2016) – Download the IPA file from here

Older Version
Download the deb file from here
Download the IPA file from here

The Github project and source code for DVIA can be found here
Updated instruction to compile app for iOS 10 & Xcode 8 can be found here. Written by Andrew Hoog from NowSecure.com


Got a question ? You can contact me on Twitter, Linkedin,
ask a question on Twitter or Stack overflow with the hashtag #DVIA or fill the form below.

Your Name (required)

Your Email (required)


Your Message