Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to deploy an iPhone app with names of things as part of the deployed app. The user will see the names after they log in successfully (using a standard existing login service that already exists.). However, I don't want the names accessible by someone who can decrypt the app. In other words, they could decrypt the app and get the strings. See Finding constants from a decrypted iOS app executable and Reverse Engineering Tools
How can I ship the names encrypted and then have the app decrypt it after they log in? It seems to me that whatever decrypting code I write/use would also be available to the person decrypting the app.
It'd be very nice if I didn't have to create a custom server solution just to send the app names once they are logged in. However, it may come to that.
Our top security person is going to be hitting this app hard. So, it has to be airtight security. So the answer in "Best way to securely ship static text inside a iOS app?" won't work.
Ideas?
Update: Can we pre-populate the keystore in iPhone and Android somehow with the secure information such that it cannot be hacked?
Encrypt the items prior to inclusion in the app and do not include the encryption key in the app. Instead pass the key to the app after the user correctly logs in.
Simply use AES encryption correctly, that will secure the data.
It is not important that the decryption method be secret, only that the decryption key be secret.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I am currently developing an app with Flutter, which is similar in principle to the app "Celebrate". In this app I need to be able to store certain data on the server permanently without the user having to register. How can this be realised?
Example:
the user starts the app and creates an album
the user deletes the app
the user reinstalls the app
the previously created album is still there
I have thought about two possible variants. Which variant is the one I should prefer?
when the user starts the app, I store unique device information in the database on the server. So I always know to which device the corresponding data can be assigned. Does Apple even allow me to retrieve and store device information? Would this be a good solution?
I see that Firebase offers "Anonymous auth". Does that happen to do exactly what I need? In "Celebrate" it is so that even if you reinstall the app, the data will probably still be retrieved. So there is nothing stored locally. Could the developers of Celebrate use this or similar methods?
Thank you for a competent answer!
Getting a unique device ID seems more accurate solution for what you want. Firebase Anonymous Auth will not work if the user uninstall the app.
You could use device_info plugin developed by the Flutter team.
In your pubspec.yaml file add this:
dependencies:
device_info: ^0.4.2+6 // or latest stable version when you see this
To get the data (and ID) of each platform:
// iOS
IosDeviceInfo iosDeviceInfo = await deviceInfo.iosInfo;
iosDeviceInfo.identifierForVendor; // unique ID on iOS
// Android
AndroidDeviceInfo androidDeviceInfo = await deviceInfo.androidInfo;
androidDeviceInfo.androidId; // unique ID on Android
Since iOS vendor identifier can change on app reinstallation or other event, we need to keep it in the keychain with flutter_secure_storage. You could simple check if the key exists or not. If it exists then it's a reinstallation, if doesn't, it's first time. And clearly, set the vendor id on first time.
I see that Firebase offers "Anonymous auth". Does that happen to do exactly what I need?
While anonymous authentication would allow the user to get started without typing credentials, and you can still make them the "owner" of their own content, it will lose all knowledge of the user when you either sign them out or when they uninstall the app.
As #sqew commented, the scenario you describe is actually against Apple's guidelines, so even if it's technically possible it might not be the best choice.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
So the story is:
1) I have video files on a server.
2) I allow users to download these files and view them from inside the app.
Problem:
I don't want users to find these video files from outside the app to prevent them from being shared. Because the video files should be paid for to download.
How to do this?
Note: hiding the files is not enough.
Thanks.
No other app / browsing one can access the sandbox of another app , if you want to protect your content then store the downloaded videos in a directory where you add this attribute
func createDirectory(atPath path: String,
withIntermediateDirectories createIntermediates: Bool,
attributes: [FileAttributeKey : Any]? = nil) throws
NSFileProtectionComplete
The file is stored in an encrypted format on disk and cannot be read from or written to while the device is locked or booting.
See for example the iOS Programming Cookbook:
This is the strongest protection that you can give to your files. By doing so, your
app will be able to read from and write to this file as long as the device is
unlocked. As soon as the device is locked, you won’t be able to read from or
write to the file. When you use this type of protection, free or commercial file
system explorers will not be able to read the contents of your files, even if the
user’s device is unlocked.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I am making an App where on the first screen i have login and register buttons. When i click on register it will ask for user finger prints and then user details. From here I want to store finger prints and user details in database.
And when he clicks on login. Its will open biometric scanner if finger prints matches the database finger prints he will move forward..
Is there any way is it possible to store finger prints in database. If so please give some reference links that guide me towards my goal..
Thanks in Advance
You can not access the fingerprints directly. This is restricted by Apple on purpose (privacy protection). So you will not be able to store them in your database neither.
Touch ID
Your app can now use Touch ID to authenticate a user before accessing some or all content in your app. Fingerprint data is protected and never accessed by iOS or other apps. [...]
Source: iOS 8 for Developers by Apple
Authentication is still possible using the API, but that will only return values like Authenticated and Not Authenticated, with no information about the fingerprint itself.
This question already has answers here:
iOS: How to store username/password within an app?
(15 answers)
Closed 8 years ago.
Hello I am working on an app that need to keep user data. Like username/password. I understand I could do this with plist files (simplest way) but what if the user deletes the app and then redownloads it? The data would be reset I presume. So I was thinking about querying a web server for the data. Is there any other more mainstream way that iOS games keep user data please list them if possible.
You should never store password in plist files, they are just plain text. This would making hacking the users account very easy.
But to answer your question, yes there is such a place it is the Keychain. It is meant to store data that needs to secure.
You should use KeyChain to save info that should not be deleted together with app. https://developer.apple.com/library/ios/documentation/Security/Reference/keychainservices/Reference/reference.html
This SO thread could be useful for you How to use Keychain for saving password like GenericKeychain sample code
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I want to create iPhone app which is in background then it will track record of all app which user opens.
i.e when my app is in background and user opens music,safari,photo app
then i want record like, music,safari,photo.
can we write names in file ?
This cannot be done. Apple is very restrictive when it comes to things like this.
The way I understand it is this:
Apple limits the API to your app (you can't affect other apps or the OS in any major way-this stop malicious behaviour)
Your app is 'sandboxed' meaning it's on it's own, it can't see if Safari has any pages open, or monitor what game you just exited out of or anything like that. Your app is in effect, isolated.
You can write anything to a file, just getting what you want to write (in this case) is not possible
tl;dr. No, your app is in it's own little 'sandbox' it can't monitor anything but itself, Apple doesn't allow it nor do they provide any programming library to do so.