I have several plist files in my app, that I want to be non human readable, or editable.
The idea is to encode them using another app, then drop them in the normal iphone app just for decoding and processing.
I have drooped encryption because 1st, I don't need something with strong encryption, and 2nd because of the app store procedure for encrypted apps.
Can anyone suggest me how to proceed? What is the simplest (not the best in terms of encryption) method implement?
Please assist!
iPhone applications are "sandboxed", meaning that applications cannot read each other's data; each application has associated with it its own username and group, along with its own set of folders that it owns. An application cannot access the folder or data of another iPhone application. Therefore, the requirement doesn't really make sense. You should simply use NSDictionary -writeToFile:atomically, and NSDictionary -initWithContentsOfFile to read/write the data to/from a PLIST. If you need to add encryption (because you are worried about two people sharing the iPhone, or something like that), then I suggest you encrypt the individual entries before placing them in the dictionary.
Edit
Based on your comment below, it appears that you are trying to prevent people from pirating your application, rather than trying to protect user data as the question implies. Unfortunately, it is always possible to pirate an application. Anything ranging from obfuscation to using certificates to asymmetric encryption to running a checksum over the application binary can all be bypassed or defeated. The best way to deter piracy is to have a quick iteration cycle and to place most of your data in the cloud, where it is frequently changed and updated, as doing so diminishes the value of any pirated snapshot of the application. That said, it is generally a good idea to consider software piracy as simply a cost of doing business. Most users will not pirate the application, and since all the various methods for protecting your application can (and will) be defeated, the costs of implementing such things is generally not worth it.
Take a look at the NSDataWritingOptions of NSData. There is built in encryption for binary plist files. I've never used it so I don't know how easy it is for someone with developer's tools to defeat it. It should however provide protection against casual thievery.
However, if your worried about about other developers stealing your content, your best protection will be copyright. Copyright protects content, that's what its for. Make sure to include a copyright in the actual plist as part of the data. Stick a copyright in every resource file e.g. images.
Related
Recently we developed and published a mobile banking app on the app store, for a big banking organization. The bank hired a security firm to perform ethical hacking over the app to see if it, in anyways compromises confidential data.
We recently received the hacking report from the firm, which in-spite of saying that no serious security issues are present, contains a list of all the class files, method names and the assembly code of the project.
Now the client insists that we fix these security loop holes and republish the app. However we don't have any idea how did they manage to get all these details from the application's IPA. I searched this over SO and found a particular post mentioning this link, which states that you can't save your app from being hacked.
Please help me how to fix these security vulnerabilities , or if not possible, how to convince the client.
Edit:
Recently came across this page. Seems like EnsureIT from Arxan can prevent app IPAs from reverse engineering. Anyone experienced with this?
There's always a risk involved. Even if you don't introduce vulnerabilities yourself, the platform may allow for exploits which in the end may offer an entry point for a malicious attacker.
As to your question: It is not safe to assume that a hardcoded URL, even if obfuscated beyond belief, can't be peeled out of your product. Always design your apps such that safety of user data is guaranteed (as far as possible) even if built in ressources get compromised. If the knowledge of that URL alone poses a security threat, then your whole approach and your clients API is inherently insecure. Remember that such information could possibly be captured by a man-in-the-middle attack (and other modes of attack) as well.
Avoid security by obscurity. Store sensitive data only on disk if it is necessary. As a rule don't allow PIN / TAN storage.
Some thoughts which may (or may not) convince your client that your app is as safe as it can be:
As long as the app runs on a non-jailbroken device, it is unlikely that an attacker, even with knowledge of your apps internals is able to get to any user data, because the iPhone normally doesn't offer opportunities to interfer with your app
If the attacker is able to get to your users data, and provided you have been protecting that data with all means available under iOS (-> keychain -> crypto chip ->...), then it's not your fault. It means the device is either jailbroken or there are vulnerabilities to the system itself which have been exploited, you just can't do anything about either possibility.
It is impossible to prevent reverse engineering of your app. Even if you had put more effort into obfuscation, an attacker with strong motivation would still be able to get what he wants. Your client needs to get used to this as it's a fact.
Other platforms suffer from similar vulnerabilities, yet on the iPhone at least you have a somewhat closed environment and a reduced risk of being attacked with trojans and the like.
The governments and security firms get hacked on a regular basis, although they should now how to protect themselves. This means life is inherently insecure, cope with it.
I was recently researching over this and I found this article helpful, especially the part quoted:
The code for a native app is stored in the form of a binary executable file, which is further encrypted; its decryption is performed only when the executable file is loaded by the processor into the random access memory and the whole decryption process happens at the hardware level. That is why it is very hard to create offline decryption tools. The only way to decrypt encrypted binary data is on a jailbroken device with a few special tools installed.
Security in iOS: Protecting .ipa File Content by Stoyan Stoyanov
I've searched the web for this bit to no avail - I Hope some one can point me in the right direction. I'm happy to look things up, but its knowing where to start.
I am creating an iPhone app which takes content updates from a webserver and will also push feedback there. Whilst the content is obviously available via the app, I don't want the source address to be discovered and published my some unhelpful person so that it all becomes freely available.
I'm therefore looking at placing it in a mySQL database and possibly writing some PHP routines to provide access to my http(s) requests. That's all pretty new to me but I can probably do it. However, I'm not sure where to start with the security question. Something simple and straightforward would be great. Also, any guidance on whether to stick with the XML parser I currently have or to switch to JSON would be much appreciated.
The content consists of straightforward data but also html and images.
Doing exactly what you want (prevent users from 'unauthorized' apps to get access to this data') is rather difficult because at the end of the day, any access codes and/or URLs will be stored in your app for someone to dig up and exploit.
If you can, consider authenticating against the USER not the App. So that even if there is a 3rd party app created that can access this data from where ever you store it, you can still disable it on a per-user basis.
Like everything in the field of Information Security, you have to consider the cost-benefit. You need to weigh-up the value of your data vs. the cost of your security both in terms of actual development cost and the cost of protecting it as well as the cost of inconveniencing users to the point that you can't sell your data at all.
Good luck!
I am working on an iPhone app that uses CoreData(with SQLite) to stores some sensitive biographical data that is downloaded via a Restful Web Services for offline use in the device.
I am worried that the competition could pay a subscription and extract the .sql file via SSH with a jailbroken device, and make copies of the data that has taken us so long to collect and maintain, and is the foundation of the service.
I was wondering if someone could suggest a way to make it more complicated for them to extract this data. I also store some HTML files with sensitive information in the Resources group that i would like to make harder to extract.
Thanks,
Security by obfuscation almost never works.
You should properly licence your application instead of trying to do this sort of thing. If someone really wants to have access to your sensitive data they will surely find a way to do it.
I would point out that under American and EU law, you can copyright a database i.e. a specific collection and/or order of information, even if the individual units of data exist in the public domain.
It's just like an encyclopedia. A encyclopedia is a collection of facts that belong to no one but the collection of facts constitute something that is copyrightable.
Copyright is the only possible protection against someone who buys access to the data in the software.
You could encrypt the data before your write it to the DB. Note that using encryption may have implications for selling your app in different countries around the world. This
thread might be helpful to you.
The problem with a jailbroken device is that the attacker has more control than you do. There is no place where you can hide information, most importantly encryption keys.
There is nothing keeping your competition from stealing this data if the want to obtain it. You are looking for security though obscurity, and you are wasting your time. Consider a different business model.
Is there a way to decompile the binary from an IPhone app.
I jailbroke my IPhone and was surprised to find other app's dbs wide open to be copied.
So I exported my most important table and hardcoded it into code.
Instead of loading table into array from a db I just generated code to fill the array and kept only the most basic DB info so relationships still work.
Took a while but now works fine.
I was just wondering am I safe, could someone decompile the binary for the app easily and extract the data. In Java its easy to decompile *.class files though thats bytecode where I presume iphone apps are more low level.
I know IPhone sdk 4 can mark files as secure. Anyone know can this be overridden by jailbreaks or is this an unix lock?
Short of encrypting that data, you are really only protected by peoples lack of motivation. If someone with enough motivation wants to look at the data, they can. Even if you encrypt the data, if they key is in, or generated by, your code they can find that too.
To be honest Apple couldn't secure a brick. The iPhone has been almost continuously jail-breakable seance the beginning. Users (read hackers:) have more control over the device than developers. There is no way that you can truly secure content on the device. If encryption is used, there is nothing keeping the attacker from obtaining the key. (He has control over all libraries and can hook any function call he wants.)
It is common to see developers fall back on Security Though Obscurity, and I'm not going to entertain these ideas. If there is data on the device, a hacker can and will make a copy of it.
I jailbroke my IPhone and was
surprised to find other app's dbs wide
open to be copied.
No. There is nothing wrong with this. It has to be stored somewhere.
So I exported my most important table
and hardcoded it into code.
Bad move.
A jailbreak from a priviledge domain is a vulnerability in the phone and is not your problem. There is nothing you can do about that, and even encrypting your data will not save you because all privileged code on the phone will be able to access the encryption keys.
In other words:
Code will not normally be hostile and steal your goods. The only reason it would is because the user downloaded bad code onto the phone or a remote exploit took place.
My client wants to encrypt/compress the html-code for their medical books in the iPhone bundle, to protect their IP.
Whats is a good way to prepare this file for the app bundle, and what complementary libraries (C, Obj-C) should I use to do the decryption and decompressing on the first launch of the app?
Copying the file to ~/Documents, then working on it seems like the best solution. Thoughts?
Here's a few thoughts.
If the book text is all alphanumeric data, then don't save the data as ASCII - save them in your own binary encoded format (for instance use 5 bits instead of 8 and pack into words). That gives you a bit of compression, slight obfuscation and a very cheap (in clock cycles) decompression. You would have a data format that is quick to access on the fly and will keep the casual curious hacker out of the text. Clock cycles would be my main concern and security second.
Another idea is store the decrypt key for a typical Blowfish encryption in obfuscated format in the app. Split into two or three constants that require some odd operation to restore for instance. But of course, now the overhead of Blowfish or whatever will be your concern.
Since you will not be able to implement perfect security (perfection is extremely expensive), the IP owners will have to use traditional copyright and trade secret techniques to fully protect their property. You've made it harder to hack, but it's still up to the lawyers to be diligent, just a book on the shelf in the reserved section of the library (no photocopies please!).
Cheers
This is quite tricky... almost impossible to make it really unbreakable. Any reasonnably motivated person will be able to pierce through it. You'll only make it a little harder to do. In any case, you definitely can't store any secret key in the bundle itself. You'd need to securely obtain the decryption key over a secure channel from a server and use it as needed. Even then, someone doing jailbreak would probably be able to run GDB over your running program and extract the secret key in RAM + the secret key would be shared amongst all users of your app... You're essentially trying to implement a DRM scheme, which is inherently flawed by design... Unless you need offline access, you might want to pull the data as needed from a secure erver... at least you "could" throttle information leakage...
I would keep the documents encrypted if I were you and just decrypt them as needed. One would easily be able to access the decrypted documents on a jailbroken device.
See the "Security Overview" document and the CryptoExercise sample code for encryption techniques
You probably won't like it, but the best way is to just not use HTML. Once you pass the decrypted HTML to UIWebView, it is very easy for a malicious user to steal it at that level, defeating any purpose your encryption algorithm had. A UIView subclass with custom drawing code and a custom encrypted backing format will be much more difficult to work around
From Mac OS X and iPhone OS Security Services:
You can use Keychain Services to
encrypt and store small amounts of
data (see Keychain Services Reference
and Keychain Services Programming
Guide). If you want to encrypt or
decrypt larger amounts of data in Mac
OS X, you can use the Common Security
Services Manager (CSSM) Cryptographic
Services Manager. This manager also
has functions to create and verify
digital signatures, generate
cryptographic keys, and create
cryptographic hashes. In iPhone OS,
the Certificate, Key, and Trust
Services API provides functions for
generating encryption keys, creating
and verifying digital signatures, and
encrypting blocks of data; see
Certificate, Key, and Trust Services
Reference.
It's always a choice between performance (encryption just doesn't come free) and security (security and everything else, really). But what else is new? If you keep the individual files small enough, maybe decryption doesn't slow you down much. Alternatively, you may consider predictive decryption such that you have certain files being decrypted in the background, say those linked from the currently viewed file, etc. I realize, however, that concurrancy on the iPhone may be pretty spotty (I don't know as I haven't dropped the cash for a license). You may also realize performance gains by only encrytping those files that really need it; does an index/table of contents or other often accessed file really need to be encrypted? Does that count as IP your client is worried about?
For compression I can recommend QuickLZ (fastest engine I saw, great compression ratio).