From b12eaa40070335ac6fb1fbc4c3c0060b1dc3f609 Mon Sep 17 00:00:00 2001
From: Tek
Date: Sat, 14 Dec 2024 10:03:23 +0100
Subject: [PATCH] Reorganize code in iOS app module
---
 src/mvt/ios/modules/mixed/applications.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/mvt/ios/modules/mixed/applications.py b/src/mvt/ios/modules/mixed/applications.py
index 3eb95939a..8c151301c 100644
--- a/src/mvt/ios/modules/mixed/applications.py
+++ b/src/mvt/ios/modules/mixed/applications.py
@@ -17,6 +17,12 @@ APPLICATIONS_DB_PATH = [
 "private/var/containers/Bundle/Application/*/iTunesMetadata.plist"
 ]
+KNOWN_APP_INSTALLERS = [
+ "com.apple.AppStore",
+ "com.apple.AppStore.ProductPageExtension",
+ "com.apple.dmd",
+ "dmd",
+]
 class Applications(IOSExtraction):
@@ -80,12 +86,10 @@ def check_indicators(self) -> None:
 self.detected.append(result)
 continue
 # Some apps installed from apple store with sourceApp "com.apple.AppStore.ProductPageExtension"
- if result.get("sourceApp", "com.apple.AppStore") not in [
- "com.apple.AppStore",
- "com.apple.AppStore.ProductPageExtension",
- "com.apple.dmd",
- "dmd",
- ]:
+ if (
+ result.get("sourceApp", "com.apple.AppStore")
+ not in KNOWN_APP_INSTALLERS
+ ):
 self.log.warning(
 "Suspicious app not installed from the App Store or MDM: %s",
 result["softwareVersionBundleId"],
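Review bot: `KNOWN_APP_INSTALLERS` in the first hunk is the allowlist that decides which installs are never flagged, yet it is added as a mutable module-level list with no comment saying what the entries are. Since any code that imports the module could append to it and silently widen the allowlist, a tuple would be safer (`KNOWN_APP_INSTALLERS = (` … `)`), and the `not in` test in `check_indicators` works unchanged. I would also add a comment above it such as `# sourceApp values treated as legitimate installers (App Store and MDM); anything else is reported as suspicious`. The existing comment about `com.apple.AppStore.ProductPageExtension` in the second hunk now explains an entry in this list and would read better next to the constant.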
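Review bot: In the second hunk the rewritten condition keeps `result.get("sourceApp", "com.apple.AppStore")`, so a record with no `sourceApp` key is treated as an App Store install and can never reach the "Suspicious app" warning. If that fallback is deliberate (presumably some metadata sources do not record the field), state it in a comment such as `# records without sourceApp are assumed to be App Store installs`. Otherwise, handle the missing key separately, for example by logging it at a lower level so an analyst can see which apps had no installer recorded. The body of `check_indicators` starts and ends outside this hunk, so the handling of such records elsewhere in the function is not visible here.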