App data security on jailbroken iPhones - iphone

If I'm not mistaken (and if I am mistaken, here or in what I say below, please correct me), non-jailbroken iPhones provide two broad areas of storage space:
for apps (and data that comes bundled with apps);
for user-managed files.
I understand that the former is protected storage, meaning that data bundled with an app and stored in that area is not accessible to the user except via the app.
On a jailbroken iPhone, does this protected area still exist? If so, what protections remain; i.e. is data stored within it still inaccessible to the user?

On a jailbroken iPhone the user has full access to all resources. The user will have more control over the device than any developer. There is no place to hide secrets on the device; even memory is accessible.

Even on a non-jailbroken phone it's easy to extract the user data from the backups that iTunes creates when the user syncs (unless the user specifically enables the "encrypt backups" option).
The apps themselves are nominally encrypted using iTunes DRM, but since you can download apps in iTunes on a desktop and (AIUI) easily remove the DRM, again, even users without jailbroken devices can access your resources.

You have it backwards:
Third-party apps are sandboxed so they cannot access "protected" data, including some system data and other apps' data.
System apps tend to not be sandboxed and have extra privileges (they might all do). For example, App Store has to be able to upgrade other apps, and exploiting holes through Safari was one way to root a phone (suggesting Safari runs as root).
Nowhere is app data protected from the user. Instead, Apple apps do not expose the filesystem (and third-party apps can only expose a small portion of it).
Additionally, the "two areas of storage" are actually / (more or less the firmware image) and /var/mobile (more or less the user data partition). AIUI, upgrading the OS overwrites / but leaves /var/mobile intact; this is how a normal upgrade manages to preserve all your data without a long backup/restore process. IIRC, system apps are in /Applications and third-party apps are installed to /var/mobile/Applications.
I'm not sure what category Apple apps distributed on the App Store fall under (iBooks, Remote, Pages/Numbers/etc).

Related

Get the current phone's number with contact framework api ios

Is it possible to get the current phone's number from contacts permission in Swift?
It's not possible anymore
"For security reasons, iPhone OS restricts an application (including
its preferences and data) to a unique location in the file system.
This restriction is part of the security feature known as the
application's "sandbox." The sandbox is a set of fine-grained controls
limiting an application's access to files, preferences, network
resources, hardware, and so on."
The device's phone number is not available within your application's
container. You will need to revise your application to read only
within your directory container and resubmit your binary to iTunes
Connect in order for your application to be reconsidered for the App
Store

Can I give my app entitlements to all data in a user's iCloud?

For example, is it possible the storage container key in the entitlements dictionary would accept "*" or "/", allowing me to access any and all data in that user's iCloud?
I am not worried about getting this app accepted into the app store.
No.
And, even if you could, there wouldn't be any way to enumerate that data. -[NSFileManager URLForUbiquityContainerIdentifier:] and friends require you to know the containers you want to access. (You can pass nil, but that just returns the first container you have access to, not some parent of all containers.)
And this is intentional. The public APIs aren't meant to let your app interfere with other apps' storage (except for related apps that share a team), for pretty good reasons. You may want to read iCloud Storage in Mac App Programming Guide (which doesn't require a paid membership to access).
So, how does the iCloud preference pane do it? Well, that's a secret. Presumably it either uses private APIs, or just talks to the iCloud web service directly in a way that the APIs can't. You could presumably reverse-engineer it, but that's the only way you'll be able to do this.

What folders and files get backed up through iTunes?

Every time I get a call my old wallpaper shows even though I have a new one. I'm trying to find it on my iOS but I cannot seem to figure out where. So I'm trying to track down what folders get backed up when I back up my iPhone since I have restored it and it's still there.
(I'm using a jailbroken device)
I know this isn't the actual folder names and etc but it will give you an idea what it's backing up though. Good Luck.
With iOS 1.1 and later
Safari bookmarks, cookies, history, and currently open pages
Map bookmarks, recent searches, and the current location displayed in Maps
Application settings, preferences, and data
Address Book and Address Book favorites
Calendar accounts
Wallpapers
Notes
Call history
Mail accounts
YouTube bookmarks
SMS messages
Saved suggestion corrections (these are saved automatically as you reject suggested corrections)
Camera Roll (photos and screenshots taken by the iPhone)
Voicemail token (This is not the Voicemail password, but is used for validation when connecting. This is only restored to a phone with the same phone number on the SIM card.)
Web clips
Network settings (saved Wi-Fi hotspots, VPN settings, network preferences)
Paired Bluetooth devices (which can only be used if restored to the same phone that created the backup)
Keychain (this includes email account passwords, Wi-Fi passwords, and passwords you enter into websites and some other applications. The keychain can only be restored from backup to the same iPhone or iPod touch. If you are restoring to a new device, you will need to fill in these passwords again.)
With iOS 2.0 and later (in addition to the above)
Managed Configurations/Profiles
List of External Sync Sources (Mobile Me, Exchange ActiveSync)
Microsoft Exchange account configurations
Nike + iPod saved workouts and settings
App Store application data (except the application itself, its tmp and caches folder).
With iOS 3.0 and later (in addition to the above)
Videos in Camera Roll
Per app preferences allowing use of location services
Offline web application cache/database
Voice Memos
Autofill for webpages
Trusted hosts having certificates that cannot be verified
Websites approved to get the location of the device
In-app purchases
New with iOS 3.1: Videos in the Camera Roll that are 2 GB or larger are not backed up (iOS 4 and later will back up videos 2 GB and larger)
All user documents and settings get backed up, application settings as well as system settings.
Applications each have a Documents folder that user data can be saved to, so that's pretty much what gets backed up for applications, including app preferences.
These are the Wallpaper locations:
/private/var/mobile/Library/SpringBoard/HomeBackground.jpg
/private/var/mobile/Library/SpringBoard/HomeBackgroundPortrait.jpg
/private/var/mobile/Library/SpringBoard/LockBackground.jpg
/private/var/mobile/Library/SpringBoard/LockBackgroundPortrait.jpg
I have manually managed to find out what gets backed up and managed to solve the problem :)
I downloaded the trial of iPhone Backup Extractor http://www.iphonebackupextractor.com/ and found what I was looking for.
Also it seems like I just had to change the lockscreen in the iPhone since the file called LockScreen.jpg was the picture I was looking for, but since I had another lockscreen using WinterBoard I didn't think of this.
Good luck to anyone else who has problems similar to this.

How easy or difficult is it to access / hack / change the "Core Data" data stored in the iPhone?

My app is going to save a flag in the database (Core Data) saying whether the user is authenticated or not. How easy or difficult is it for someone to access the "Core Data" database and change the information there without going through the app?
I am going to save a flag there saying "this user is authenticated" so he never has to authenticate again. This is a fun app, not a bank app, so I wonder if that's ok.
Putting it in other words: Should I assume that a regular iPhone user (not jailbroken of course) will not be able to mess with the "Core Data" database and this database can only be accessed through its intended iPhone app?
This isn't the kind of thing you should use Core Data for anyway. You should instead use NSUserDefaults or the keychain (depending on if you're just storing that flag, or associated user/password information).
The user defaults are there for storing settings, the keychain for private data. Use the right screwdriver for the right screw.
The iOS app sandbox is quite tight on-device. As such other apps won't be able to access your database, nor will the user on-device.
Application data in the app's Documents directory is backed up through iTunes, however. Though I've never tried such a thing, I can imagine a scenario where the user installs and runs your app but is not authenticated. He syncs and the user data is written to his computer. He opens the backed-up resource on his PC (iTunes does encrypt or obfuscate it) and figures out how to change the sqlite database or plist to show himself as authenticated. He then uninstalls the app on his device, then reinstalls it through iTunes, authenticating himself.
If the scenario is possible, you could potentially store the database in the cache directory instead, a directory that's not backed up when the device is synced with iTunes. It means the database would vanish if the user had to restore his device, but that might be an acceptable loss in your scenario, I don't know.
Edit
I agree with jer that the database isn't the best place to store such info, and if you're targeting iOS 3.2 and above, keychain is definitely the better place.
I don't believe a user on a non jailbroken phone would be able to mess with the data.
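One way to apply the advice in the answers above, as an added example that is not part of the original thread: the flag goes into a keychain item marked device-only, and a local database goes under Caches, which the answers note is not backed up by iTunes. The service, account and file names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example.
let flagService = "com.example.funapp"
let flagAccount = "authenticated"

private func baseQuery() -> [String: Any] {
    return [kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: flagService,
            kSecAttrAccount as String: flagAccount]
}

/// Stores or clears the flag as a generic-password keychain item.
/// "ThisDeviceOnly" keeps the item from migrating to another device via a backup.
/// On a jailbroken device the user can still reach it, as the first answer says.
func setAuthenticated(_ value: Bool) -> Bool {
    _ = SecItemDelete(baseQuery() as CFDictionary)   // drop any earlier item
    guard value else { return true }
    var item = baseQuery()
    item[kSecValueData as String] = Data([1])
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    return SecItemAdd(item as CFDictionary, nil) == errSecSuccess
}

/// Returns true only if the keychain item exists and holds the expected byte.
func isAuthenticated() -> Bool {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let data = result as? Data else { return false }
    return data == Data([1])
}

/// Location for a database that should stay out of iTunes backups:
/// the app's Caches directory instead of Documents.
func cacheStoreURL() throws -> URL {
    let caches = try FileManager.default.url(for: .cachesDirectory,
                                             in: .userDomainMask,
                                             appropriateFor: nil,
                                             create: true)
    return caches.appendingPathComponent("Store.sqlite")
}
```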

How can I migrate my user-generated data to the computer?

I have a query regarding BackUp of third party application data on PC.
I am developing an application which can store photos, text, recordings.
The user can add a number of photos or recordings.
So at runtime, the size of application storage will go on increasing.
The user will never want to lose his data but storage is limited.
Hence taking backup of data on his computer and then deleting from iPhone seems essential.
So what is the standard way of taking backup of third party application data?
Is there any way by which we can save the data on MAC as well as Windows using iTunes?
Is there any limit on amount of storage a third party application can take?
iTunes will perform a complete backup of the iPhone when it is plugged in for sync, which will contain all the application-specific data files. However, the only way to restore this is to restore the entire system image, so that is only an emergency backup, not what you need.
Third parties have typically provided their own backup and synchronisation strategies. There are two broad approaches:
in conjunction with a companion desktop version of the same application (eg. OmniFocus, Things, Four Track)
using a web service (eg. Darkslide for Flickr)
The web services are typically accessed via an AJAX API (or equivalent), but will obviously take longer for backups of large files. The desktop sync products provide their own (eg. OmniFocus uses a WebDAV server) and use an internal sync engine to keep things up to date, and can sync using the WiFi connection.
So either way, you are most likely going to have to write your own server to handle your own backups, and deal appropriately with the file types and metadata. I don't know of a third-party solution to this, but if one exists, it would be very generic, and may not suit your particular needs (eg. for file formats, etc).
So what is the standard way of taking backup of third party application data?
Write your own sync server and connect via WiFi. Start by looking at WebDAV, as you can build something on top fairly easily.
Is there any way by which we can save the data on MAC as well as Windows using iTunes?
iTunes will only do a full system backup. Your best bet is to write your sync server to be portable.
Is there any limit on amount of storage a third party application can take?
AFAIK there is no per-application storage limit on the iPhone. If you provide your own solution, you could do something like archive anything older than 30 days onto the Mac/PC, so you are only keeping recent files. Then allow them to choose "favourites" and those will be kept on the iPhone regardless of age.
You can use iTunes to back up your iPhone. During the process of transferring the iPhone data, you will be asked to back up apps. But if your apps are not from iTunes library, you may not install them when you restore them on devices.