Static program analysis is the analysis of computer software that is performed without actually executing the software. Scanning software applications with static program analysis is a proactive approach that lets enterprise information technology administrators manage the risks of applications running on their employees' mobile devices. Because IT administrators usually have only the binary code of a mobile application, not its source code, static analysis of binary code is the natural choice for application scanning in mobile application management (MAM) solutions.
A multitude of iOS applications in application marketplaces are developed in Objective-C, an object-oriented programming language. The Objective-C source code of an application is compiled by a compiler (e.g., GCC or Clang) into machine code. Analyzing machine code directly is difficult, as machine code is just a series of bits (0's and 1's). However, translating the machine code back into the original Objective-C source code is also infeasible, because symbol information such as variable types and names is stripped during compilation. A common way to translate the machine code is to use a tool that disassembles it into assembly, a low-level intermediate representation between source code and machine code. Static analysis may then be performed over the assembly code.
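As an added illustration of the kind of static analysis over assembly that the text describes (this is example code, not part of the original document or of any product it describes): the script below walks constructed ARM64 disassembly of a stripped Objective-C function, follows the adrp/ldr pair that loads a selector reference into x1 before each objc_msgSend call, resolves the selector through a constructed __objc_selrefs table, and checks the recovered selectors against a constructed MAM policy. The disassembly, addresses, selector table and policy are all made-up sample data.

```python
import re

# Constructed sample: objdump-style ARM64 disassembly of one function in a
# stripped iOS binary. Addresses, offsets and selector names are made up.
SAMPLE_DISASSEMBLY = """
100006a40: adrp x1, 0x10000c000
100006a44: ldr  x1, [x1, #0x120]
100006a48: bl   0x100007f00 ; _objc_msgSend
100006a4c: adrp x1, 0x10000c000
100006a50: ldr  x1, [x1, #0x138]
100006a54: bl   0x100007f00 ; _objc_msgSend
100006a58: adrp x1, 0x10000c000
100006a5c: ldr  x1, [x1, #0x150]
100006a60: bl   0x100007f00 ; _objc_msgSend
"""

# Constructed __objc_selrefs table: selector slot address -> method name.
# Method names survive stripping, which is what makes this recovery possible.
SELREFS = {0x10000C120: "currentLocation", 0x10000C138: "sharedApplication"}

# Constructed policy: selectors an administrator treats as sensitive.
SENSITIVE_SELECTORS = {"currentLocation": "location", "generalPasteboard": "clipboard"}

ADRP = re.compile(r"^([0-9a-f]+):\s+adrp\s+(x\d+),\s*0x([0-9a-f]+)")
LDR = re.compile(r"^([0-9a-f]+):\s+ldr\s+(x\d+),\s*\[(x\d+),\s*#0x([0-9a-f]+)\]")
MSGSEND = re.compile(r"^([0-9a-f]+):\s+bl\s+0x[0-9a-f]+\s*;\s*_objc_msgSend\b")

def extract_selectors(disasm, selrefs):
    """Return [(call_address, selector)] for every objc_msgSend call site."""
    regs = {}   # register -> page address (after adrp) or selector (after ldr)
    calls = []
    for line in disasm.strip().splitlines():
        line = line.strip()
        if m := ADRP.match(line):
            regs[m.group(2)] = int(m.group(3), 16)
        elif m := LDR.match(line):
            base = regs.get(m.group(3))
            slot = base + int(m.group(4), 16) if base is not None else None
            # A slot missing from the table (e.g. computed at runtime) is reported
            # as unresolved rather than silently dropped.
            regs[m.group(2)] = selrefs.get(slot, "<unresolved>")
        elif m := MSGSEND.match(line):
            calls.append((int(m.group(1), 16), regs.get("x1", "<unresolved>")))
            regs.clear()  # the call clobbers the argument registers
    return calls

def flag_sensitive(calls, policy):
    """Map each recovered selector that appears in the policy to its category."""
    return {sel: policy[sel] for _, sel in calls if sel in policy}
```

Running `extract_selectors(SAMPLE_DISASSEMBLY, SELREFS)` recovers the two selectors the table knows and reports the third call as unresolved; `flag_sensitive` then reduces the result to the categories a MAM administrator cares about.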