iOS applications are developed in Obj-C and Swift. Application reversing proves to be more difficult than Android static analysis, and, therefore, dynamic analysis, combining both network and behavioral inspection, often provides the best insight. Some of the tools that can be leveraged for static analysis are strings, otool, and class-dump.

The application binaries stored on the file system, at rest, are encrypted, so in order to access their contents in any meaningful way, they must be accessed on a live, jailbroken system and the contents dumped out in a decrypted state that has been afforded by the device operating system, which is accomplished by your commercial forensic tools. Free tools for accomplishing this task include: frida-ios-decrypt, Clutch, and dumpdecrypted.dylib.¹

With a decrypted binary, otool will identify libraries of possible interest, whose functionality can be further investigated using open-source search methodologies, class-dump can provide useful header information for classes, protocols, and categories, and strings can return a number of useful results like HTML source code, application directory structure, and files of interest.

If you are interested in reversing iOS or Android applications in-depth, consider taking SEC575, which covers all these topics and more.

Reference:

[1]https://fadeevab.com/decrypt-ios-applications-3-methods/