Garner is a mobile application repository that gathers application packages from the Apple App Store and Google Play Store and extracts useful information about them. Users can use Garner's web interface to

  • search for apps in the App Store & Play Store and download IPAs/APKs;
  • monitor for & automatically download new versions of apps of interest;
  • view permissions requested by downloaded apps;
  • view files contained in downloaded apps;
  • compare changes in permissions and files across downloaded versions; and
  • look up contained files across the repository by name or hash.

Garner provides forensicators (digital forensics analysts) and malware analysts a handy centralised repository for mobile applications that they can use whilst analysing cases. Examples of workflows involving Garner include:

  • Determining which version of an app introduced a maliciously used permission or a malicious file.
  • Determining which apps in the repository include a malicious file, as determined by hash.
  • Extracting a list of files that are included in a legitimate version of an application package, which the forensicator can safely exclude while analysing a (potentially) compromised mobile device.
  • Installing two versions of an app and comparing their runtime behaviour.
  • Installing a specific version of an app on a test device that is compatible with databases gathered during evidence collection.

Garner is a containerised web service written in Swift using the Vapor framework. It runs on Ubuntu and macOS.


The goal of this project is to improve the Garner framework For example:

  • Before Garner can download an app or any of its updates from the App Store, a Garner operator needs to purchase or download that app using the App Store account assigned to Garner. Garner should support downloading all free apps without this manual intervention.
  • Garner can only download applications from the App Store when the fetching service runs on a Mac. It should support downloading iOS apps on Ubuntu.
  • Garner does not analyse executables; it merely dissects a package's contents. It should extract classes (Objective-C, Swift, and/or Java). It should also compute hashes for methods and functions to enable comparing code changes.

Expected outcome

  • source code on our GitLab server
  • 1 blog post
  • 1 poster
  • a project report


  • Applicant's country of origin must be a member of EU or NATO

Required skills

To start this project you should have some knowledge of:

  • Swift programming language.


Contact us

This website uses cookies. More information about the use of cookies is available in the cookies policy.