Research

Digital Surface Labs

Jetpack Security Vulnerabilities

JetPack Security Vulnerabilities & Concerns

Research compiled: 2026-02-16 Sources: code-quality-bot analysis, workspace summaries, codebase analysis

Critical: Force Cast Crashes (Reliability/Security)

These are crash-inducing bugs that could be triggered by malformed server responses or unexpected data, making them both reliability AND security concerns (crash = denial of service to the pilot).

1. UserServiceModel NSCoding Force Casts (HIGH)

  • File: MobileOpsPilotApp/UserServiceModel.swift (lines 74-85)
  • Issue: 11 as! force casts when decoding NSCoder data. SwiftLint is explicitly disabled for force_cast in this file.
  • Risk: Crash during user data deserialization if types don't match
  • Fix: Replace with as? optional casting + nil handling
  • Branch: cqb/reliability/unsafe-force-casts-nscoding (created, 14 insertions)

2. WebServiceProxy POST JSON Force Cast (HIGH)

  • File: MobileOpsPilotApp/WebServiceProxy.swift (line 147)
  • Issue: as! NSDictionary force cast on JSON response. The GET method handles both dictionary and array safely, but POST does not.
  • Risk: Crash if server returns JSON array or invalid JSON
  • Fix: Add same dictionary/array handling as GET method, or use as? with guard
  • Branch: cqb/reliability/unsafe-json-force-cast (created, 23 insertions)

3. DiskCache HTTP Response Force Cast (HIGH)

  • File: MobileOpsPilotApp/DiskCache.swift (line 25)
  • Issue: as! HTTPURLResponse force cast on response
  • Risk: Crash if response type is unexpected
  • Fix: Replace with as? HTTPURLResponse + early return
  • Status: Identified, no branch yet

4. NSDateExtensions Force Unwraps (HIGH)

  • File: MobileOpsPilotApp/NSDateExtensions.swift (lines 384, 421, 479, 485)
  • Issue: 4 force unwraps on optionals. Line 384 unwraps date! right after nil check. Lines 479/485 unwrap DateComponents properties.
  • Risk: Crash on edge-case date values
  • Fix: Guard statements / optional handling
  • Status: Identified, no branch yet

5. LoginViewController Force Try (HIGH)

  • File: MobileOpsPilotApp/ViewControllers/LoginViewController.swift (line 66)
  • Issue: try! to initialize Reachability
  • Risk: Crash if Reachability initialization fails (e.g., restricted network APIs)
  • Fix: do-catch error handling
  • Status: Identified, no branch yet

Authentication & Credential Security

Current State (Reasonably Good)

  • OAuth 2.0 via OAuthSwift -> Azure AD
  • Credentials stored in iOS Keychain (secure)
  • API key obfuscation algorithm in place
  • JWT validation on backend
  • Azure APIM gateway with subscription keys, rate limiting, IP whitelisting

Concerns

  • Impersonation support exists for testing -- needs to be gated behind debug/non-production builds only
  • API key obfuscation is custom (not a standard library) -- unknown strength
  • 4 analytics SDKs (Firebase, AppDynamics, Pendo, New Relic) increase the attack surface and data exposure

Backend Security

4.x Backend (ASP.NET Core 8.0)

  • OAuth 2.0 Bearer Tokens + Azure AD integration
  • SonarQube security scanning in CI/CD (project key: flightops-JetPack)
  • Polly resilience policies (retry, circuit breaker, timeout)
  • Rate limiting and IP whitelisting via APIM

3.x Backend (Legacy -- Higher Risk)

  • OData unrestricted queries: Clients control query shape, which is flagged as a security concern. Complex $expand queries can cause timeouts (potential DoS vector).
  • MaxExpansionDepth limit of 8 helps but doesn't fully mitigate
  • Being phased out (migration to 4.x in progress)

Information Leakage

Production Print Statements (MEDIUM)

  • 25 print() statements in production code across 5 files
  • DatabaseManager.swift has 11 alone
  • Risk: Console output can leak sensitive flight/user data
  • Files affected: DatabaseManager, SchedulingService, WebServiceProxy, LoginViewController, ImpersonationButton
  • Fix: Replace with proper logging (os_log or New Relic) with appropriate log levels

Error Handling Gaps

Silent Error Swallowing in SchedulingService (MEDIUM)

  • File: MobileOpsPilotApp/SchedulingService.swift
  • Line 29: force unwrap on URLString
  • Line 34: try? silently returns nil on network errors
  • Line 46: try? swallows decoding errors
  • Risk: Failures are hidden, makes debugging hard, could mask security-relevant errors

Summary of Risk Levels

Finding Severity Status
Force casts in UserServiceModel HIGH Branch created
Force cast in WebServiceProxy POST HIGH Branch created
Force cast in DiskCache HIGH Identified
Force unwraps in NSDateExtensions HIGH Identified
Force try in LoginViewController HIGH Identified
OData unrestricted queries (3.x) HIGH Migration in progress
Production print statements MEDIUM Identified
Silent error swallowing MEDIUM Identified
Impersonation support gating LOW Needs review
Custom API key obfuscation LOW Needs audit