If targetting iOS 4, you can use the Data Protection APIs.
If you have 'Full' protection, does this encrypt the entire sandbox?
Specifically, If I downloaded say a .doc file to disk programatically will this be encrypted? Or is it only encrypted if I use the NSData data protection options?
It's only encrypted if you use data protection. See App States and Multitasking, and Protecting Data Using On-Disk Encryption.
My understanding is that you must use the data protection options. There was a WWDC 2010 talk on exactly this topic. See "Session 209 - Securing Application Data" which goes into detail. These videos are free and highly informative.
Login through developer.apple.com and then you can use the link in the page to get to the videos. FYI, the video contains all the example code you should need.
WWDC 2010 videos
if somebody were to jailbreak your device and bypass your passcode, information protected by the Data Protection API would remain encrypted and therefore inaccessible, since your passcode—the important piece of the decryption key, is not known.
Data Protection is enabled automatically simply by setting a passcode on the device.
The catch, however, is that the Data Protection feature only secures data in applications that have been specifically designed to use the Data Protection APIs.
In terms of built-in applications, that’s only the Mail app, and third-party apps that actually make use of the Data Protection features are surprisingly rare;
GoodReader and Box.net come to mind as good examples, but many other file storage apps such as Dropbox do not provide this support, meaning that your cached data is no more secure than your physical possession of the device.
This means that if you’re concerned about storing confidential data with secure encryption you will need to look to exclusively using third-party apps that support the Data Protection APIs.
It’s also important to keep in mind that any apps that use iCloud storage cannot use Data Protection, as the two are mutually exclusive due to the requirement for background synchronization of iCloud data when the device is locked.
Even GoodReader, for example, notes that documents you choose to store in the “iCloud” section of the app will not be protected by the Data Protection encryption.
Of course even Data Protection is only as secure as the passcode on the device. Using the Apple Configurator you can configure requirements for more complex passcode policies on devices to help improve security in this regard, as well as enabling an automatic erase of the device after a specified number of failed attempts.
Read more at
here
If I recall correctly, starting with iPhone 3GS, hardware encryption is on by default for data on the iPhone, and additional encryption is available if you implement -- though if you are distributing/selling through AppStore, and you're implementing your own custom encryption beyond what Apple provides, the terms of AppStore requires you to get US Dept of Commerce (if my memory is correct) approval because encryption is classified as munition.
A good starting document is http://www.apple.com/iphone/business/it-center/security.html
More info on this is available within (paid) iPhone Registered Developer website which for obvious reason, I couldn't reveal, and you'll have to discover/read yourself.
Hope the information helps, and please mark the response as answered if this helps, thanks.
Related
here is the things: there are some data sensitive which be stored in the device using NSCoding serialization.
I'd like to know is there a way the other people can find the key and unarchived the serialized object file to get data?
Thanks for help.
It is not safe to store sensitive data just using NSCoding. The NSCoded values are not encrypted in any way - you don't even need to know the keys - you can just look at a stored file directly and easily see the values if they are strings.
Sensitive data (particularly API access keys that provide privileged access to back-end web services or financial information) ideally should not be kept on the client device at all. Even when encrypted. In the extreme case, a black hat who has your app installed on their device can mount a man-in-the-middle attack and snoop on your internet traffic with your server. Instead you should a device-specific token approach if concerned about security so you can revoke a token if necessary without affecting other users.
If really concerned, you should look at two factor authentication in addition to the token.
Here is an intro for further reading.
It depends. Each application is given its own 'sandbox' on the filesystem. On a device that has not been jailbroken, an app cannot look outside of its own sandbox. However, when a user connects their device to a Mac or PC, it is possible to use utility applications such as iExplorer (http://www.macroplant.com/iexplorer/) to access the sandbox of each app on their device.
is the data stored on an iPad/iPhone encrypted?
I assume that the iPad/iPhone has an advanced pass code (not just the 4-digit code).
So my question is if data that my custom app stores in the device is encrypted or not (if no special methods are taken in the source code of the app). Would an attacker be able to read the data? What if he jailbreaks the device?
Thanks!
The answer is no if you don't apply any encrypting technique on it. You can try to use iExplorer to browse all the sandboxes of your device's applications. You may get surprised about the security of many apps out there.
I am just starting getting familiar with security in iOS, but from what I read and understood from Apple's IOS Security whitepaper, files are encrypted by per file encryption keys and those are encrypted by class keys assigned by the application that owns the files (which are sandboxed with the application). And then, the files access depends on the protection policy you assigned in your application.
However, from this answer, it is unclear if the encryption is always on, or just when the device if off or unlocked.
In any case, the above applies from non jailbreaked systems (not sure if they do for jailbreaked ones as well).
According to Apple documentation and other documentation I have read about on disk encryption on an iOS device, it seems that in order to take advantage of the advanced encryption of the device the user must have a passcode enabled so that when you use the NSDataWritingFileProtectionComplete attribute it will encrypt.
What if the user does not have a passcode set but I still want to ensure the files are encrypted? What options are there for this scenario?
Thanks!
Flea
iOS includes several APIs for encrypting data. The automatic on-disk encryption is a user-selected option that lets the user encrypt all the data written to the device's secondary storage. If you need your data to be encrypted whether or not the user chooses to turn on that option, encrypt the data yourself using one of the options provided.
Unless you really know what you're doing (and even if you think you do, you probably don't), it's generally a better idea to use the provided APIs which you can expect to have been written and reviewed by experts.
If you plan to distribute your app outside the US, and you use encryption, you will have to comply with the US Bureau of Commerce restrictions. If you use Apple's provided APIs and you are only using encryption to protect your content, you will be able to distribute your app internationally (according to Apple's iTunesConnect FAQ.)
However, if you write the encryption yourself you will have to go through a review process with the US government.
I've written more than one app that encrypts content on a server so it can be protected even after it has been downloaded to the device.
Even Apple's encryption doesn't prevent someone from making an unencrypted backup or mounting the device as a filesystem and taking the media files your app might have downloaded.
So, to protect your content you must encrypt it yourself. And, you must only decrypt it in ram and never as a temporary file in flash memory (which could be copied off the device.) This makes serving encrypted movies and PDFs a bit challenging. I use a decrypting web server thread; however, there are more modern approaches including a file-level delegate approach that might work better.
In an iPhone iOS4 app containing an existing SQLite database (i.e. there at compile time), how secure is the data in the SQLite database?
For example, is it worth encrypting an SQLite database (using the sqlite3_key(...) method sold under license)?
It is secured until the iPhone is jailbreaked. After jailbreak one can go to your database and can copy it to his desktop and then can see your data. So I think if you have very important data then you should encrypt your database
First question you have to answer is how valuable is your data? That somewhat determines how much time a hacker is willing to spend trying to get at it. Security is a complex subject and you could spend days researching IOS security. It depends heavily on the IOS version, with IOS 4 being the first release that has a decent chance of being really secure. First off nothing is secure unless your device is locked. Also, your database is NOT encrypted even if the device is locked unless you set data protection flags in your code. Sandbox doesn't help you here at all really, except to protect one apps data from another. A hacker with your device will jailbreak it and install an SSH server and at that point can pretty much do whatever they want, including brute-force passcode breaking attempts. If an IOS 4 device was locked with a decent passcode and you set data protection on your database, you are probably ok with counting on the IOS hardware encryption. But can you depend on users to set a decent passcode? The default simple passcode is only 4 digits - not that great. And will they all be IOS 4+ users? If not, you'll need your own encryption on the database. Just don't store the key anywhere, cuz hackers will find it. And while you are considering security in your coding, consider that hackers can also decompile and run a modified version of your app.
AFAIK data are physically encrypted on iOS 4.x devices. Add to that the fact that application are sandboxed, it's a fairly secure system.
Do any SO users know anything about these security flaws that have emerged from the German government of all people?
http://www.guardian.co.uk/technology/2010/aug/05/apple-security-weakness-ipad-iphone
Is it possible to understand what sort of vulnerabilities this type of hack could have (e.g. on debit/credit cards?)
This is a buffer overflow vulnerability that affects the iPad/iPhone/iPod Touch. It is triggered by viewing a specially crafted PDF file and gives the attacker complete and total control over the system. In fact the attacker will have more control over the system than the user, or any app developer. The attacker will be able to obtain any and all information stored on the device, this includes credit card number and passwords. The attacker can install a backdoor and access the device any time it is connected to the internet.
Apple has a bad history of security. To metigate this issue you should avoid opening pdf's until you have applied the iOS 4.1 patch. Expect more vulnerabilities like this in the future.