Access list of processes on iOS 9

Question

Since iOS 9, Apple decided to block sysctl that gave a list of running processes (https://developer.apple.com/videos/wwdc/2015/?id=703).

After searching private APIs, I found a class named "THIRDPartyApps" that looks exactly what I need (process name & data usage in WiFi & WWAN). But, I don't know how to retrieve a list of THIRDPartyApps.

Does somebody know how it works ?

Edit :

Found via Symbolication.framework 2 classes: VMUProcList & VMUProcInfo. In the first one, there is a method called allProcInfos returning a NSArray of VMUProcInfo.

Works on a 7.1.2 device (I suppose it works too on 8.X devices) but doesn't work anymore on a iOS 9 device. I have a beautiful error in the console :

Failure calling sysctl to get process list buffer size: Operation not permitted

Answer 1

I just watched the WWDC 2015 sessions about security and privacy and put together some notes about the changes brought by iOS 9 that I thought were interesting. App Transport Security

This is a big one: by default on iOS 9, Apps will no longer be allowed to initiate plaintext HTTP connections, and will be required to use HTTPS with the strongest TLS configuration (TLS 1.2 and PFS cipher suites):

It is possible to lift these restrictions and still retrieve data over plaintext HTTP by adding some configuration keys to the App’s Info.plist. Also, App Transport Security seems to only be available for connections initiated using NSURLSession. While NSURLConnection is being deprecated (forcing everyone to switch to NSURLSession for HTTP), I wonder if plaintext connections initiated through other network APIs (such as NSStream) will fail as well.

A great change overall, and this might even be the first step to mandatory HTTPS as part of the App Store policy. Detection of Installed Apps Blocked

Apple has closed three privacy gaps that allowed Apps to detect which other Apps were installed on the device.

The first technique was to use the sysctl() function to retrieve the process table (a remnant of OS X), which includes the list of running Apps. In iOS 9, sysctl() was modified to no longer allow sandboxed Apps to retrieve information about other running processes.

The second technique relied on the UIApplication canOpenUrl method to try known URI schemes implemented by specific Apps, in order to detect if these Apps were installed on the device. This was made famous by Twitter, which used a list of 2500 URI schemes to detect which Apps were installed on the device. In iOS 9, Apps have to explicitly declare which schemes they would like to use in their Info.plist file. For Apps targeting iOS 8 but running on an iOS 9 device, there is also a hard limit of 50 URI schemes that can be checked at most.

There was a third technique which relied on the icon cache being accessible to sandboxed Apps. Although it wasn’t even mentionned in the WWDC video, this privacy leak has also been addressed in iOS 9.

Overall, closing these privacy gaps is a great move for users as these APIs were being abused by various Apps and analytics/ads SDKs.