Skip to content

Deprecated Minimum iOS Version

Deprecated Minimum iOS Version

Description

The application specifies a deprecated minimum iOS version in its MinimumOSVersion property within the Info.plist file. Supporting outdated iOS versions can expose the application and its users to security vulnerabilities that have been addressed in newer iOS releases.

Older iOS versions may contain: - Known security vulnerabilities that have been patched in newer versions - Deprecated APIs that may not follow current security best practices - Missing security features and protections introduced in recent iOS versions - Potential compatibility issues with modern security frameworks

Applications that support very old iOS versions may be forced to use outdated security practices or may be unable to take advantage of the latest security enhancements provided by Apple. This creates a larger attack surface and potentially exposes users to security risks.

The minimum supported iOS version should be regularly reviewed and updated to balance user accessibility with security requirements.

Recommendation

Update the minimum iOS version requirement in your application's Info.plist file to latest supported versions to enhance security and reduce exposure to vulnerabilities associated with deprecated iOS versions.

  1. Update Info.plist: Modify the MinimumOSVersion key in your Info.plist file to specify a minimum iOS version that is not deprecated.

  2. Review Compatibility: Ensure your application's features and dependencies are compatible with the new minimum iOS version requirement.

  3. Update Deployment Target: In Xcode, update your project's iOS Deployment Target to match the new minimum version requirement.

  4. Test Thoroughly: Test your application on devices running the new minimum iOS version to ensure all functionality works correctly.

  5. Consider User Impact: Analyze your user base to understand the impact of dropping support for older iOS versions. Use App Store Connect analytics to determine the percentage of users on older versions.

  6. Gradual Migration: If necessary, plan a gradual migration strategy where you announce the upcoming minimum version requirement in advance to give users time to update their devices.

  7. Regular Reviews: Establish a process to regularly review and update the minimum iOS version requirement as part of your application maintenance cycle.

Example Info.plist entry: 

<key>MinimumOSVersion</key>
<string>18.0</string>

By maintaining support for only recent iOS versions, you can take advantage of the latest security features and ensure your users benefit from the most up-to-date security protections available in the iOS ecosystem.

Standards

  • OWASP_MASVS_L1:
    • MSTG_CODE_5
  • OWASP_MASVS_L2:
    • MSTG_CODE_5
  • OWASP_MASVS_v2_1:
    • MASVS_RESILIENCE_1
    • MASVS_CODE_3
  • PCI_STANDARDS:
    • REQ_6_2
    • REQ_6_3
    • REQ_11_3
  • CNIL_FOR_DEVELOPERS:
    • DEVELOPERS_4_3_1