Reorganize code in iOS app module

2026-02-15 18:02:44 +00:00 · 2024-12-14 10:03:23 +01:00
1 changed files with 10 additions and 6 deletions
--- a/src/mvt/ios/modules/mixed/applications.py
+++ b/src/mvt/ios/modules/mixed/applications.py
@@ -17,6 +17,12 @@ from mvt.ios.modules.base import IOSExtraction
 APPLICATIONS_DB_PATH = [
    "private/var/containers/Bundle/Application/*/iTunesMetadata.plist"
 ]
 KNOWN_APP_INSTALLERS = [
    "com.apple.AppStore",
    "com.apple.AppStore.ProductPageExtension",
    "com.apple.dmd",
    "dmd",
 ]
 class Applications(IOSExtraction):
@@ -80,12 +86,10 @@ class Applications(IOSExtraction):
                    self.detected.append(result)
                    continue
            # Some apps installed from apple store with sourceApp "com.apple.AppStore.ProductPageExtension"
-            if result.get("sourceApp", "com.apple.AppStore") not in [
+            if (
-                "com.apple.AppStore",
+                result.get("sourceApp", "com.apple.AppStore")
-                "com.apple.AppStore.ProductPageExtension",
+                not in KNOWN_APP_INSTALLERS
-                "com.apple.dmd",
+            ):
                "dmd",
            ]:
                self.log.warning(
                    "Suspicious app not installed from the App Store or MDM: %s",
                    result["softwareVersionBundleId"],