On iOS, I am looking for an API equivalent to the encrypt/decrpyt DPAPI functions available on Windows (with CRYPTPROTECT_LOCAL_MACHINE flag not set).
The objective is to persist some application data locally and making its access restricted to the application itself only.
I've read about the keychain functionality but it seems that the dictionary has user-level access (unlocked during smartphone logon). I would like the application to be the only one who has access to that information, like, typically, having its own keychain.
Any advice on this?
An app cannot access another app's keychain entries in iOS. In principle, it's as if each app has its own keychain.
In iOS, an application can always access its own keychain items, but
not items created by any other application.
http://developer.apple.com/library/mac/#documentation/Security/Conceptual/keychainServConcepts/02concepts/concepts.html
However, see this post for other keychain security concerns.
Related
I just started creating custom client application for IOS, Which i have already developed for PC and Android clients. Idea of these apps is to use SQLite database file, which is created in PC admin app and is actualized by Internet. Development of this application is payed from one company and shoud be distributed to selected group of people.
What i want to ask is how to distribute this IOS application to certain audience of people (who has right to use it)? Should I put it on app store as free app without database file which should be downloaded to iphone from secret site?
The best way to do it is via the iOS Developer Enterprise Program.
As for the data, you could link it to a web API if the data is growing or changing regularly. But for static data, you could distribute it by including it in the application itself. See CoreData and other tools for more information.
You can also release it for free on App Store and provide a custom login. However, this is not recommended as this application is useless for the rest of the world. The only reason you would want to do this is if your custom clients can register on your website or some place else and you want to allow them to access the app. This is generally done for subscription based applications. But I presume yours is not such a case.
There is also Ad Hoc distribution, but with that you are limited to 100 devices.
You can read more about distribution.
Note: this may not be the bust way but here is my solution for it
I established a server and set user credentials on the server before, i share credentials with the client and he/she logs in with them.. Later they can edit their credentials, my app is on the store for any body but someone who doesnt have those credentials can't log in..
What you're trying to do is this:
https://developer.apple.com/programs/ios/enterprise/
An ad-hoc distribution is your solution.
https://developer.apple.com/programs/ios/distribute.html
If you're planning to distribute the app to more than 100 people, go for their Enterprise program:
https://developer.apple.com/programs/ios/enterprise/
I'm developing one application. When I install my app in iphone and if I connect iphone to PC then all my application data will be accessing from iExplorer. Is there any chance to hide my application in iExplorer?
Your application data will always be visible to the user with the right tools. You should not waste any effort trying to obfuscate or hide it.
If you wish to explicitly enable encryption on certain files, you can look into the data protection APIs offered in the iOS SDK. This will protect user files in the case that their phone or device is stolen. The user must have a passcode set for this to work however.
I am writing an SDK which will ship as a static library. Can I access the keychain to store data so that I can retrieve it in another app which also has my library? Seems like Apple would frown upon this, since I did not sign the apps, but am merely a passenger in the app's code.
Was looking at using "SFHFKeychainUtils" to help implement this. Any thoughts?
AFAIK, the keychain can only be shared across apps with the same Bundle Seed ID (which would be controlled at the signing level, as you say). As such, the only apps that would be able to share keychain access would be apps from any single developer. Cross-developer sharing is a no-go.
Check out more iOS security info here in Apple's docs.
What code could I use in an iPhone app to get and set the settings of another app I wrote? (preferably using NSUserDefaults)
You're not going to be able to pull this off with NSUserDefaults.
The Keychain, while somewhat cumbersome in its C-ness and much more limited than the NSUserDefaults API, might allow you to accomplish this. If you can serialize whatever you need to share between your apps into a few strings, it might be worth trying.
From iPhone OS 3.x Release Notes:
It is now possible for you to share Keychain items among multiple applications you create. Sharing items makes it easier for applications in the same suite to interoperate more smoothly. For example, you could use this feature to share user passwords or other elements that might otherwise require you to prompt the user from each application separately.
Sharing Keychain items involves setting up the proper entitlements in your application binaries. Using Xcode, you must create an Entitlements property list file that includes the supported entitlements for your application. The process for creating this file is described in iPhone Development Guide. For information about the entitlements you can configure, see the description for the SecItemAdd function in Keychain Services Reference.
Accessing shared items at runtime involves using the Keychain Services programming interface with the access groups you set up during development. For information about how to access the Keychain, see Keychain Services Programming Guide.
Here's Buzz Anderson's Simple iPhone Keychain Code. You could use it to store key/value pairs as strings in the keychain. It's not much, but perhaps better than nothing. See Apple's Keychain Programming Guide for more.
You simply cannot do that. Each application is installed into its own folder and is given its own, unique user id. The file containing these settings is in the other application's folder and its permissions are set to that of the other application. The only way to access the data is to use the same application identifier as the other application, in which case installing your application would overwrite the old application.
EDIT:
This solution was given when the question was asking to do this using NSUserDefaults, specifically. For the updated question, the keychain approach or the server approach provided are both reasonable.
You can have one app send the data to your server, then the other app can get the data from your server.
You can't do this using NSUserDefaults but it can be done.
You could use a shared clipboard. It wouldn't be secure, but both apps could read and write from the same clipboard. You just need to create an application specific UIPasteboard. Check out the UIPasteboard class reference on Apple's developer site for more info.
--Mike
You should definitely have a look at UIPasteboard, as suggested – you can create a new pasteboard for use by the applications you are creating (though nothing will stop other apps using them, but people are faily unlikely to). A UIPasteboard is persistent through a power cycle / reboot – it will exist until the creating application is deleted.
You could also have a look at the SwapKit libary (which looks very cool):
http://infinite-labs.net/swapkit/
As I understand it, an App ID is an code that's unique for an single application. Every time I start developing an new application, I have to create a new App ID.
But I don't get it what's up with that "provisioning profile". Do I need one for each single app? What's that for?
It's to protect the end users, by having a way to validate apps and their origin. It also serves as a centralized system to control development. On windows most apps use GUIDs for this, but they don't have any centralized info about them. Apple does, which is a pain at times, but it's a valid effort in the end.
The provisioning profile contains a list of devices that are allowed to run or debug your code. Everything is verified with a digital signature, which ultimately lets Apple control distribution. This is why you need to jailbreak in order to get apps from sources outside the App Store.