I was developed one small iphone business application...In my application i used the data fetching from server..If that time the data will store on phone memory or RAM..I think its not secure... So I will decide to store another customized location....Is this possible in phone...Any good ideas?
If you want good security, you may want to receive the data in encrypted form, and decrypt only when you act on the data.
Related
I'm new to IOS programming, and I have had a great time learning it. It took me about 4 months to really get a good grasp on it. I have began creating my own app, and I ran in to a few questions. The app I'm creating is a live app like instagram, foursquare, etc. How do I store all of the information I need. Can I use Core-Data to create a real-time app that can handle updates from multiple users?
The app I'm creating is a live app like instagram, foursquare, etc.
How do I store all of the information I need.
You'll probably create some sort of server to manage the data. Having a single, central source of data is a lot easier than trying to sync data between multiple devices.
Can I use Core-Data to create a real-time app that can handle updates from multiple users?
You can -- Core Data works on MacOS X as well as on iOS, so you could write a Mac program that is the server for your iOS app. Whether that's the best approach is another question... I suppose it depends on how well you already know Core Data, whether there are any advantages to using the same Core Data data model on both the server and the client, how many clients you think you might have to support at once, etc.
If you're asking about using Core Data on the iOS client, then yes, you can certainly do that.
If I use SSL connection for my iphone app to query the database using web as the datasource, is it possible that the links and info that goes back and forth from the server to iphone will be encrypted in a way that nobody could see it. Additionally, i believe that the iPhone caches info, the web interface can cache data going to and from the device.
By another person i was told this:
SSL is only the transfer, what the app uses on the device is not encrypted just because what is transferred is. If the app uses no cache and you use SSL, you could be safe, the simple fact is that almost all apps cache data prior to transmitting it. Therefore, you would have unencrypted data on your device.
So what are my options if i want to build an app that uses the web as the datasource, stores nothing on the app, and uses no cache. I want all data coming from and to to be encrypted.
At some point, you're going to receive data from a server. That data needs to be put somewhere, like in a data buffer. There's absolutely no way around that. If you're using SSL then the transfer process will be encrypted. As your "other person" said, as long as you don't explicitly cache the data, then that's about as much as you can do to protect yourself on iOS.
I'm not sure exactly what you're expecting here, otherwise.
None. To do anything except transferring the data, you need to have it decrypted. If it is decrypted it will be in the RAM of your device. How secure that is depends on the application. In theory there are some operations that can be performed on encrypted data, but in practice this is only useful for a handful of applications (and it's a hard thing to develop).
I have an app that uses an SQLite database. With the advent of iCloud on the rise I'm trying to figure out a good architecture for syncing data between devices. So lets say my app runs on an iPhone, an iPad, and a Mac. How can I keep data in my DB up-to-date on all devices?
My first thought was, I can put the database in the cloud and send transactions. But the device may not always been online and the users need their content at anytime, so that wont work. My other thought was to continue using the local db, and then when a connection is made, to send the cached data to the central db. The problem is I have no ideal where to even begin on something like that. How would I know which data has been sent and not sent, which data to actually send when a connection is made, etc.
So this is my question (we don't have to get into iCloud specifics), using an SQLite database and iCloud (or any storage medium), how can I sync data between multiple devices, but still have the most recent data stored locally on the device?
You might want to checkout Couchbase Mobile. This would help with the synchronization you are looking for.
If you have a significant investment into CoreData, then you may want to look at writing your own NSIncrementalStore to support writing data to and from a key value store.
iCloud is only going to be a good solution if your data is sandboxed to a specific user. If you have multiple users that want to view the same data then it won't work.
I want to create an app which holds sensitive information (imagine it's bank account details, thought it's not). The user enters this information on a form the first time the app starts up. I want this info to be saved, and available, any time the user uses the app (without having to enter a password). However, if the iPhone has a password lock on it, and is stolen, I don't want the data to be easily accessible from the file system.
What is the best way of encrypting or obfuscating the data? There is not a lot of data, just a dozen NSStrings from the UITextFields on the form.
I'm aware there are encryption export restrictions on the iPhone for non-US developers (I am in UK), so I would prefer to avoid going jumping through any of Apple's app submission hoops to get it on the store.
Why not use the built in Keychain Services? That's what it is for.
EDIT: There an article in SDKDevFAQ.com about Keychain Services that points to a tutorial and sample code on github. Also, check out this blog entry about using the Keychain.
I don't know if a jailbroken iPhone device lets you read NSUserDefaults from other applications or not. If not, you could just store your information in there instead of as a file.
Alternatively, you could generate some salt based on (but not equal to) the device ID, and simply XOR it with the bytes of the strings. As long as your algorithm to generate the salt isn't trivial and the strings aren't too long, the data will be fairly safe. Without getting into heavier encryption stuff, you can't guarantee too much more than "fairly safe".
I'm currently in the middle of developing an iPhone app with a big reference database (using Core Data backed with a pre-populated sqlite database). Once the app is live and deployed to a client's iPhone, I need the facility to update/insert a small amount of data. What are best practices / methods for doing this?
There may be occassions when the frequency of updates will be daily for a month or so. Other occassions when a data update happens once every few months.
What is the recommended way of doing this? Note, I don't anticipate any data model changes for these updates -- this is purely an insert/update of data.
At the moment I'm starting to research the use of push data notifications (q:payload size restrictions?), app store updates (q:code/data model only, not data updates?) and the use of my own ad hoc data server (which the app connects to routinely to check for updates).
Can anyone please provide me any pointers on the above?
Thanks in advance
IIRC Push Notifications have a maximum payload of 256 bytes. Enough for notification purposes, but not more. Your app would still have to download the actual data from your own server after receiving the notification.
Note that the app bundle is not writable on the device. So if your app needs to update the data store, you should copy the pre-populated database file from the app bundle to the app's documents directory on first launch.
App Store updates would certainly be feasible (especially now that Apple seems to have gotten its review process down to a few days at most) but note that an App Store update will always replace the entire app bundle (code and data), so if your pre-populated reference database is big, the customer would have to download it in full every time.