Install-time code downloads and stores a native Frida Gadget dylib. The source does not execute the dylib, but it accepts an unverified remote payload.
Static reason
One or more suspicious static signals were detected.
Impact
A compromised release or redirect target could supply a native dylib later loaded by a consuming iOS application.
Mechanism
HTTPS download, gzip decompression, and local native payload staging
Rationale
This is package-aligned Frida distribution behavior rather than demonstrated malicious activity, but an install-time unverified native payload download is a meaningful unresolved supply-chain risk.
Evidence
package.jsondownload.jsindex.jsindex.d.tsfrida-gadget-<version>-ios-universal.dylib.downloadfrida-gadget-<version>-ios-universal.dylib
Network endpoints1
github.com/frida/frida/releases/download/${gadget.version}/frida-gadget-${gadget.version}-ios-universal.dylib.gz