We have an enterprise iOS SDK that uses Keychain to store highly sensitive information. This information is not available to the client's app.
I've always thought that you need a key to fetch the associated value from the Keychain. But recently, I found out you can ask Keychain to return all the stored keys in Keychain (IMHO, this is a bad design).
Since the client's app can easily fetch all the Keychain elements, I'd really like to create a separate Keychain store for the SDK only. I've looked over SO questions but never found an answer.
TL;DR:
How to create a separate Keychain store in iOS?
You can't.
The security boundary for the Keychain is the app (or the Keychain identifier across multiple apps from the same developer if you enable Keychain sharing).
Once your framework is embedded in the client app, it is part of the client app. It doesn't have its own context or process space or anything to distinguish its code from the client code.
If code in your framework puts something in the Keychain then, to iOS, it is the client app that has put something in the Keychain, and there is no reason to keep a secret from itself.
Even if you could create a Keychain just for your framework, presumably the code that puts the information in the Keychain is in your framework, so an attacker could just decompile your framework to obtain the information.
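The boundary described in this answer can be checked from an SDK's own test harness. The Swift below is an added example, not code from the question or the answer; the service name `com.example.sdk`, the account name and the function names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical service string standing in for the embedded SDK.
let sdkService = "com.example.sdk"

/// SDK side: store a secret under the SDK's own service name.
func sdkStoreSecret(_ secret: Data) -> OSStatus {
    let item: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: sdkService,
        kSecAttrAccount as String: "sdk-secret",
        kSecValueData as String: secret,
    ]
    let status = SecItemAdd(item as CFDictionary, nil)
    // An item left over from an earlier run is fine for this check.
    return status == errSecDuplicateItem ? errSecSuccess : status
}

/// Host side: list every generic-password item the app owns. The query names
/// no service or account, so it needs no knowledge of the SDK.
func hostListAllItems() -> [(service: String, account: String)] {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecMatchLimit as String: kSecMatchLimitAll,
        kSecReturnAttributes as String: true,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let items = result as? [[String: Any]] else {
        return []
    }
    return items.map { attrs in
        (service: attrs[kSecAttrService as String] as? String ?? "",
         account: attrs[kSecAttrAccount as String] as? String ?? "")
    }
}

/// True when the SDK's item shows up in the host's unscoped listing, which is
/// the expected result because both run as the same app.
func sdkItemVisibleToHost() -> Bool {
    guard sdkStoreSecret(Data("constructed-sample".utf8)) == errSecSuccess else {
        return false
    }
    return hostListAllItems().contains { $0.service == sdkService }
}
```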
Related
I'd like to use Keychain Services for iOS to store the OAuth access token and refresh token that my app needs to perform Web services requests. I've been reading the Keychain Services Programming Guide and I downloaded the GenericKeychain sample code, but I'm getting confused:
Code provided in document is different from the sample code... which approach should I follow?
I read somewhere that you need to enable Data Protection in Member Center for the App ID and its associated provisioning profile. However, I didn't read anything about enabling Data Protection in Xcode for the target's capabilities, and it seems that I could access the keychain anyway... this is weird, but I guess I should enable Data Protection in the Xcode project as well, right? Where is this Data Protection stuff described in Apple's docs? Is it somewhere said that I need to enable it for Keychain management? I don't find it...
Samples I found use the kSecClassGenericPassword class for the keychain items. Since I want to manage OAuth related information, is there any better class I should use? Maybe kSecClassInternetPassword? What is the difference with kSecClassGenericPassword?
Is it recommended to instantiate a kind of KeychainWrapper class, or would it be better to access keychain related methods as class methods?
Thanks in advance
Q3:
According to Apple documentation:
You use Internet passwords for accessing servers and websites over the Internet, and generic passwords for any other password-protected service (such as a database or scheduling application).
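For the OAuth tokens in the question above, a small wrapper over the Security framework could look like the following. This is an added example, not Apple's sample code or the answerer's; it assumes generic-password items (the class the question says the samples use), and the `TokenStore` and `KeychainError` names and the choice of accessibility attribute are assumptions.

```swift
import Foundation
import Security

struct KeychainError: Error { let status: OSStatus }

struct TokenStore {
    let service: String  // hypothetical, e.g. "com.example.myapp.oauth"

    // Attributes that identify one item: class + service + account.
    private func baseQuery(_ account: String) -> [String: Any] {
        return [kSecClass as String: kSecClassGenericPassword,
                kSecAttrService as String: service,
                kSecAttrAccount as String: account]
    }

    /// Update the token if the item exists, otherwise add it.
    func save(_ token: String, account: String) throws {
        let data = Data(token.utf8)
        let changes: [String: Any] = [kSecValueData as String: data]
        var status = SecItemUpdate(baseQuery(account) as CFDictionary,
                                   changes as CFDictionary)
        if status == errSecItemNotFound {
            var item = baseQuery(account)
            item[kSecValueData as String] = data
            // Assumption: readable in the background after first unlock and
            // never migrated to another device through a backup.
            item[kSecAttrAccessible as String] =
                kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
            status = SecItemAdd(item as CFDictionary, nil)
        }
        guard status == errSecSuccess else { throw KeychainError(status: status) }
    }

    /// Returns nil when no token is stored for the account.
    func read(account: String) throws -> String? {
        var query = baseQuery(account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        if status == errSecItemNotFound { return nil }
        guard status == errSecSuccess, let data = result as? Data else {
            throw KeychainError(status: status)
        }
        return String(data: data, encoding: .utf8)
    }

    /// Remove the token, for example on logout or after revocation.
    func delete(account: String) throws {
        let status = SecItemDelete(baseQuery(account) as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeychainError(status: status)
        }
    }
}
```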
As you know, many apps use keychain to save user login name and password, but is it really safe, especially in device jailbreak mode? So another solution is to use the OAuth2 protocol to save that confidential information on the server side, which needs many changes on both client and server side (for my app).
How do you guys handle this tough issue? Anyone who knows please share and thanks in advance.
Keychain:
It has two levels of encryption options:
lock screen passcode as the encryption key
key generated by and stored on the device
But when the device is jailbroken it's not safe either.
OAuth:
Even though you store credentials on the server, you'll have to save the OAuth TOKEN on the client side, and there is no place better than keychain to store it on the client side. So now comes the possibility of extracting the TOKEN on a jailbroken device.
As far as I know in most apps they use one of these approaches.
If you need those data to be very very secure.
Suggestions:
Store the OAuth token on the server, not on the client
Store the encrypted credentials in Keychain and store the encryption key on the server. This approach would be easy for you since you said adopting OAuth is hard for you.
Note:
There are some open source libraries available which detect if the device you run on or the app is cracked; if so, you can take action like deactivating the TOKEN, deleting critical resources, locking the app, etc.
How does this app Keychain2Go get all the keychain on iPhone and delete them?
As is said in Apple's document:
In iOS, an application always has access to its own keychain items and
does not have access to any other application’s items. The system
generates its own password for the keychain, and stores the key on the
device in such a way that it is not accessible to any application.
When a user backs up iPhone data, the keychain data is backed up but
the secrets in the keychain remain encrypted in the backup. The
keychain password is not included in the backup. Therefore, passwords
and other secrets stored in the keychain on the iPhone cannot be used
by someone who gains access to an iPhone backup. For this reason, it
is important to use the keychain on iPhone to store passwords and
other data (such as cookies) that can be used to log into secure web
sites.
But Keychain2Go really can. How?
As far as I understand from the documentation of Keychain2Go, it provides all the secure information of your Mac on an iOS device. So it does not have any ability to change the iOS keychain items.
On iOS
For the first time ever, you can now access your Macs keychain on your iOS Device. You get full access to your keys stored in Keychain2Go. Never again you fail to login to your web mail account when abroad and you forgot your password on the Mac at home.
I was just reading through some source code for an iOS application and I'm curious about the security of the same. It seems that the access group of an application can be specified in the entitlements it was built with. However, if a user unknowingly installs malware which tries to be part of a particular group and read the data stored in the storage, isn't it a security issue?
Is the Apple Application Screening process the only thing that stops the above attack? Or is there some permission management concept that I'm missing out? Thanks!
No, this is not a security risk. Provisioning profiles determine which access groups apps are allowed to claim access to, and provisioning profiles must be signed by Apple in order to function. Apple will only let you claim access to access groups created by other apps in your developer account.
The other answerer is mistaken; he/she links to a tool which is only for jailbroken devices and must be run as root, bypassing the standard iOS security mechanisms which apply to most devices.
Yes, it's a security hole. For example, this tool can dump all the sensitive info in the keychain, including Wi-Fi and mail/facebook/any passwords off of your device.
Rather confused about this.
I'm storing the user's username and password inside Keychain in my app; does this constitute an encryption feature in accordance with the App Store Export Compliance? Or does this concern things like SSL?
Thanks
I submitted the app without ticking the box for encryption data and it was accepted. It seems that keychain does not affect this.