Introducing idb - Simplified Blackbox iOS App Pentesting

In this talk, we review common classes of iOS mobile application flaws as seen in real-world applications. To assist the community in assessing the security risks of mobile apps, we also introduce a new tool called 'idb' and show how it can be used to efficiently test for a range of iOS app flaws. To illustrate how apps commonly fail at safeguarding sensitive data, each vulnerability class is first introduced and discussed. We then demonstrate how idb can be used to uncover these flaws from a black-box perspective and provide guidance on how to mitigate each flaw.

Presented by