Contributor

Copilot AI commented Dec 2, 2025

This PR closes #818

Description

Ports MASTG-TEST-0069 (Testing App Permissions for iOS) to MASTG v2 format, splitting the monolithic v1 test into two focused tests following the v2 approach.

New tests created:

  • MASTG-TEST-0313 - Purpose Strings in Info.plist (static)

    • Examines Info.plist for *UsageDescription keys
    • Evaluates whether declared permissions align with app functionality
    • References @MASTG-TECH-0058, @MASTG-TECH-0138
    • Demo: MASTG-DEMO-0076
  • MASTG-TEST-0314 - Runtime Permission Usage Verification (dynamic)

    • Traces authorization APIs (CLLocationManager, AVCaptureDevice, etc.) via Frida
    • Validates declared vs actual permission usage
    • Demo: MASTG-DEMO-0077

Both tests mapped to MASWE-0117 in MASVS-PRIVACY, consistent with Android equivalents (MASTG-TEST-0254–0257).

Demos created:

  • MASTG-DEMO-0076 - Identifying Purpose Strings in Info.plist

    • Demonstrates extracting purpose strings from Info.plist
    • Includes sample MastgTest.swift and Info.plist files
  • MASTG-DEMO-0077 - Runtime Permission Usage Verification with Frida

    • Uses Frida script to trace authorization API calls at runtime
    • Cross-references runtime calls with declared purpose strings

v1 test deprecation:

status: deprecated
covered_by: [MASTG-TEST-0313, MASTG-TEST-0314]
deprecation_note: "New version available in MASTG V2"

[x] I have read the contributing guidelines.

Original prompt

This section details the original issue you should resolve

<issue_title>MASTG v1->v2 MASTG-TEST-0069: Testing App Permissions (ios)</issue_title>
<issue_description>
Create a new MASTG v2 test covering for":

Follow the guidelines
</issue_description>

Comments on the Issue (you are @copilot in this section)

@cpholguera It's yours @sk3l10x1ng. Please consider that this old test contains things that can go into new techniques and the test itself should be split into several ones according to the new V2 approach. Thank you.


Copilot AI changed the title [WIP] Add new test for MASTG v2 app permissions Port MASTG-TEST-0069 to v2: iOS App Permissions Dec 2, 2025
Copilot AI requested a review from cpholguera December 2, 2025 17:21
Copilot finished work on behalf of cpholguera December 2, 2025 17:21
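
The comparison the two tests in the PR description call for (declared purpose strings versus authorization APIs seen at runtime), as an added Python example that is not part of this PR or of the MASTG demos. The Info.plist, the list of traced classes and the class-to-key mapping are constructed assumptions.

```python
import plistlib

# Assumed mapping (not from the PR): API class -> purpose-string keys that cover it.
API_TO_KEYS = {
    "CLLocationManager": {"NSLocationWhenInUseUsageDescription",
                          "NSLocationAlwaysAndWhenInUseUsageDescription"},
    "AVCaptureDevice": {"NSCameraUsageDescription", "NSMicrophoneUsageDescription"},
    "CNContactStore": {"NSContactsUsageDescription"},
    "PHPhotoLibrary": {"NSPhotoLibraryUsageDescription",
                       "NSPhotoLibraryAddUsageDescription"},
}

# Constructed Info.plist for a hypothetical app.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>org.example.demo</string>
  <key>NSCameraUsageDescription</key><string>Scan QR codes to pair a device.</string>
  <key>NSContactsUsageDescription</key><string></string>
  <key>NSLocationWhenInUseUsageDescription</key><string>Show nearby stores.</string>
</dict></plist>"""

# Constructed list of classes whose authorization APIs appeared in a runtime trace.
SAMPLE_TRACE = ["AVCaptureDevice", "PHPhotoLibrary", "AVCaptureDevice"]

def purpose_strings(plist_bytes):
    """Return {key: text} for every *UsageDescription key in an Info.plist."""
    info = plistlib.loads(plist_bytes)
    return {k: v for k, v in info.items() if k.endswith("UsageDescription")}

def cross_reference(plist_bytes, traced_classes):
    """Compare declared purpose strings with API classes observed at runtime."""
    declared = purpose_strings(plist_bytes)
    covered, undeclared = set(), []
    for cls in sorted(set(traced_classes)):
        if cls not in API_TO_KEYS:
            continue  # class outside the assumed mapping: nothing to compare
        hit = API_TO_KEYS[cls] & declared.keys()
        covered |= hit
        if not hit:
            undeclared.append(cls)
    return {
        "empty_purpose": sorted(k for k, v in declared.items() if not str(v).strip()),
        "observed_without_declaration": undeclared,
        "declared_not_observed": sorted(set(declared) - covered),
    }

if __name__ == "__main__":
    print(cross_reference(SAMPLE_PLIST, SAMPLE_TRACE))
```

Keys listed under `declared_not_observed` only mean the trace did not exercise that code path, so they are candidates for manual review against the app's functionality rather than findings on their own.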
@cpholguera
Collaborator

@copilot please create a demo in demos/ for each test

Contributor Author

Copilot AI commented Dec 2, 2025

@copilot please create a demo in demos/ for each test

Created demos for both tests in commit f637a4c:

  • MASTG-DEMO-0076 for MASTG-TEST-0313 (static): Demonstrates extracting purpose strings from Info.plist
  • MASTG-DEMO-0077 for MASTG-TEST-0314 (dynamic): Uses Frida to trace authorization API calls at runtime

Copilot finished work on behalf of cpholguera December 2, 2025 20:47
@serek8 serek8 self-requested a review December 5, 2025 11:02