client credentials on iOS apps: Select the Strings tab and search for these terms secret, crypt, private, token. If the app is not loading or immidately crashing when launching, try to search the class dump (or in your disassembler) for methods like isJailbroken, jailbreak, rooted, because chances are they have a jailbreak detection Almost every mobile app uses at least one 3rd party library. Dig into these 3rd party libraries and check their versions, many of them are open source and you can search their public repository for issues and check whether the current version of the library is/isn't affected. All the libraries are inside the Frameworks/ folder in the app's bundle. Many apps use 3rd party backend systems, for this the apps need some credentials or configuration files. Sometimes developers expose credentials or private keys in these files: In the app's bundle search for all the .plist, .json or .conf files. Also, after using the app for a while, check the UserDefaults file, which is a .plist configuration file that some developers use to store sensitive information