Could you tell me how would you secure a text file in iPhone app? Let's say you write a text in the app. I would like it to be secured, so even if you have access to the device you still need to enter a specific pin to be able to display the text. I don't want the text to be available on iCloud, only in the specific app itself. Are there any easy and secure ways to do it? I'm total newbie and I will really appreciate any answer :) Have a nice one!
Encrypt the file before saving it to local file system using single key encryption algorithms. Ask the user to enter the key while decrypting, use the key to decrypt and show it :)
How to do it ?
So when user creates/edits a file, create it in temp folder of your app bundle. Content in this folder is not backed up by iCloud and kept temporarily hence the name temp folder :)
Once he is done with editing it, save it in document directory of your app bundle. But because the content in this file can be viewed using third party apps or can be backed up by iCloud, encrypt it before saving it to local document directory.
Which algorithm to use ?
Depends on your requirement. I don't think you need Private and Public Key encryptions looking at your requirement. You can make use of any single key encryption algorithms. I have used https://github.com/RNCryptor/RNCryptor
and it works pretty well. Try it
Happy coding
Related
Is there any way to save a file (to be exact, a .csv) somewhere outside the application sandbox? From what I've read it seems like it is only possible to save files inside the sandbox.
Maybe I'm thinking about it the wrong way, maybe I don't really need to save it outside the sandbox. What I actually need to do is:
Allow the user to save the file, so that he can use it in other applications (for example email client), and it would be best if the file would stay on his device after he deleted the app. The location of the saved file doesn't really matter, it could be chosen by user with some file picker or hard-coded. Is there any way to achieve this?
I'm using xamarin.forms so solution easy to implement in xamarin.forms would be much appreciated.
From what I've read it seems like it is only possible to save files inside the sandbox.
That is the general idea. You don't just have access to the filesystem on iOS. You could work around this by maybe saving it to iCloud or Dropbox, etc. depending on your use-case but basically you can't just save it somewhere common. Normally, you would then implement the 'share' functionality. What happens then is that iOS copies the file into the other apps' sandbox so it can work with it.
I am learning iOS file system to store my game data like saving the amount of money earned and things like this in a xml file.
The question is where should I store them?
I read this: File System Basics
And I don't know that I should save data in Documents directory or Application Support directory.
Because the data I want to save is something that is not associated with user's documents and user will never see it so it should be in Application Support, but on the other hand it's something that is affected by user interactions so it should be in Documents.
I think it is the Application Support/MyGame as per the Apple Developer guide link shared by you. You are confused by the fact that it should not be something affected by user interaction. Actually it means user should not directly interact with these. See this from the link: File System Basics
Using something like Parse may slow down your app as it needs to interact with their server, but you do get a backup.
For something of this size, I'd use a mobile backend solutions provider like Parse or Firebase. Personally I use Parse in my projects and is very easy to implement advanced functionality into your apps like user registration/save data to users.
Hope this helps.
I have saved a text file from my app and I can open it again, but is there any way the user can gain access to this file to just do whatever they want with it? I tried printing the path which looks like this : /var/mobile/Applications/2DD5A15B-9BC8-4981-A1F6-E22F66C71CA4/Documents/ I'm assuming that huge number is some type of app identifier, which leads me to believe that this file isn't going to be accessible unless you're in the app. Which makes me wonder, why would writing a file be any better than just saving a big string to NSUserDefaults?
I am building an app where the user should be able to do some data logging. If the user can sync their phone with their computer and download the file that would be awesome. Can you do that? Or do I have to build in functionality so that they have to email themselves the file or something?
I'm assuming that huge number is some type of app identifier
It is. It's an UUID.
which leads me to believe that this file isn't going to be accessible unless your in the app
...unless you are in the app (or, unless the device is jailbroken, in which case it's plaintext for anyone interested).
why would writing a file be any better than just saving a big string to NSUserDefaults
Conceptually, it's not a setting. If you have some data, an entity, then write it to a file. NSUserDefaults is not appropriate for storing large amounts of data. It's for storing user preferences (which are volatile!), nothing else.
made of the concept of iOS this is also called sandboxing.
if this would not exist, it could be possible to change or getting data of other apps.
If the user can sync their phone with their computer and download the file that would be awesome. Can you do that? Or do I have to build in functionality so that they have to email themselves the file or something?
you can use the awesome iCloud.
check here:https://developer.apple.com/icloud/index.php
How can I protect files in my application "Documents" directory? Using iFunBox, or another application like it, anyone can to see, what application store in it's documents directory. So if I want to store some private data, or information about in-apps status, gold, achievments or something else just in .plist-files it will be not safelly.
Maybe there is a best-practices for iOS application how to secure and protect their data?
It is not possible to truly secure data from the user. It is naturally secured from other applications, but the user is always able to get access to everything on-disk or in memory.
That said, if you have data that the user is not supposed to access, then you should not store it in Documents, since this is backed up via iTunes. You should store it in Library. See "The Library Directory Stores App-Specific Files" in the File System Programming Guide for details on each possible location and how it is treated by the system.
Applications you make for iOS are sandboxed, i.e., the apps feel like they are the only thing on the system. As a result, they cannot access any place outside the app. You are restricted to using the Documents, Library folders which are visible to applications like iFunBox.
Your best bet is to hash out the data and then store them to files, so that if anyone tries to edit your files it results in a hash mismatch, that you can read in your application, and make your data secure.
I have been searching this thread to find the best way to hide the data structure for a Sqlite file used by Core Data in an iOS app. I have found many questions that address the desire to keep data from the end user, but I am primarily interested in protecting my data structure (and secondarily, to keep the user from messing with his data). I am currently using Dropbox to back up my app's Sqlite file, and as it stands, anyone can open the file and see the data structure. In my new app, I would still like to use Dropbox, as it has worked well so far; but I do not want the end user to be able to open the database file. I just want the app to be able to upload or download the file.
It seems as though encryption of the entire file may be overkill, and I do not want to encrypt individual fields because I am more interested in the structure. I have seen a couple of posts that have asked about password protection/encryption, but usually the answers address encryption, and I have not been able to find much on password protection.
From what I have learned (and please correct me if I am wrong):
1) CommonCrypto would be best for field level encryption and is probably not what I am looking for.
2) OpenSSL and SQLCipher will encrypt the database, but may slow performance (and may be overkill for me)
Is there a simple way to provide password protection for the SQLite file, and still be able to read/write with Core Data? I realize that I would have to store the password within the app, which would make it fairly easy for a hacker, but I am okay with this. I am just looking to provide one extra level of protection for myself (as far as the data structure) and for the end user (so that they can't muck with/mess up their data).
If you are only concerned with the Sqlite file that you are backing up to Dropbox, you can using something lightweight like ZipArchive to zip and password protect your file before saving it.
http://code.google.com/p/ziparchive/
Cheers,
Rog