After successful purchase I save receipt+transactionID into NSUserDefaults. Same information is sent to server to keep a record.
Later(on demand) when user want to download content from my own server, my app will send receipt+transactionID to server. It will find stored receipt by transaction ID sent from app, verify both stored and new receipts with Apple. If some of the keys matched then provide downloadable content.
However, nowadays it's not hard to get hold of NSUserDefaults and extract receipt+transactionID. Even if I place information in keychain, it's possible to capture receipt from internet connection.
Now if someone will have receipt+transactionID, can send a request to my server and get content from any PC. How can I patch this logic without using cryptography?
Although you can patch your logic to make it harder to break, if you want real protection you need some kind of cryptography. You do not need to apply it explicitly - something as mainstream as switching from HTTP to HTTPS will often do the trick.
The three places where you need to protect your sensitive data are on the device, on the server, and in transit.
To protect the data on the device, store it in the Keychain: after all, storing small chunks of sensitive data is the main purpose of adding Keychain to the array of storage possibilities on iOS.
Server protection is a large topic that has been treated in numerous online and offline publications; for the purpose of this answer I assume that your server is adequately secured.
What is left is protection of your data in transit between the device and the server, and between your server and the Apple's server. You can use HTTPS for achieving transport-level protection.
Note that adding all these levels of protection does not make your data absolutely secure: an entity with a lot of time and resources (e.g. a government of an unfriendly country) could potentially discover your keys - for example, by disassembling the physical device, and inspecting the data coming out of the CPU with a logic analyzer. However, the point of this exercise is not to achieve the absolute protection, but to make it prohibitively expensive to break your security scheme. To that end, a combination of Keychain and HTTPS should achieve the goal of making it more expensive to break your protection than to buy your content legally.
Related
I'm making a program that has a feature to sign in using ONLY! A user fingerprint image from iPhone and matches it among various fingerprint images in the database, so if there is any possible way to get fingerprint image from the user in iPhone?
(basically, I want to make iPhone works as a fingerprint scanner).
Many thanks.
No, absolutely not possible. It's against the Apple policy and I would say even their core values. And it is understandable as it would potentially be a very dangerous capability.
From the Apple documentation on TouchID:
To maximize security, your app never gains access to any of the underlying authentication data.
But you can use the provided authentification API (e.g., to safeguard a given sensible operation).
Short answer: API only tells if the fingerprint matches or not, not more than that.
I doubt there is a way due to privacy concerns, not even developers should be supposed to have access to it. Even if that was allowed, security measures should be taken such as having it hashed.
I have written an Android application which, even after termination, still runs a service that listens for phone state transitions. This way, the application was able to detect new phone calls and trigger a certain event, for example the dialog partner's number was stored in a database.
Now I am eager to implement this application on iOS as well, but I cannot figure out if it is even possible to listen for phone calls in a similar way. For all I know so far about iOS, whenever my application is terminated by either the user or the OS, it is not possible anymore to detect new phone calls.
Is there any way I can achieve this, or have I already reached a dead end?
EDIT: As it was said to be too broad:
I want to detect both incoming and outgoing calls at any time. It there a way to do this on iOS 10? I do not want code, I just want to know if it is possible.
Please investigate further App Sandbox principe that Apple is using.
In short:
App Sandbox is Based on a Few Straightforward Principles By limiting
access to sensitive resources on a per-app basis, App Sandbox provides
a last line of defense against the theft, corruption, or deletion of
user data, or the hijacking of system hardware, if an attacker
successfully exploits security holes in your app. For example, a
sandboxed app must explicitly state its intent to use any of the
following resources using entitlements:
Hardware (Camera, Microphone, USB, Printer) Network Connections
(Inbound or Outbound) App Data (Calendar, Location, Contacts) User
Files (Downloads, Pictures, Music, Movies, User Selected Files) Access
to any resource not explicitly requested in the project definition is
rejected by the system at run time. If you are writing a sketch app,
for example, and you know your app will never need access to the
microphone, you simply don’t ask for access, and the system knows to
reject any attempt your (perhaps compromised) app makes to use it.
On the other hand, a sandboxed app has access to the specific
resources you request, allows users to expand the sandbox by
performing typical actions in the usual way (such as drag and drop),
and can automatically perform many additional actions deemed safe,
including:
Invoking Services from the Services menu Reading most world readable
system files Opening files chosen by the user The elements of App
Sandbox are entitlements, container directories, user-determined
permissions, privilege separation, and kernel enforcement. Working
together, these prevent an app from accessing more of the system than
is necessary to get its job done.
I need to take credit card payments with physical cards swiped in an ASP.NET MVC app.
The easiest approach would likely be to have a simple "keyboard-wedge" swipe (USB now days), so that the track data gets sent as keyboard input to a password-type input field.
I have some security concerns with this method, though:
If they swipe the card when the cursor is in the wrong field, full track data is displayed in clear text.
No end-to-end encryption (=card data sitting in clear text in memory / browser cache), and could be grabbed by keyboard sniffer.
Full track data has to be sent to server, from where it will be sent to whatever payment gateway. Of course over SSL in both cases, but this adds the Web server to the attack surface. Interaction directly with payment processor from client would avoid this (if feasible), so that only the masked card # + authorization number or token, etc. would have to go to the server.
I have some ideas of possibly better options, but I am not sure if they are feasible:
A stand-alone credit card device that talks directly to payment processor and integrates somehow with the PC with the ASP.NET app. Perhaps a credit card device that listen on a TCP port through which the ASP.NET app could communicate to it client-side. Or attached via USB and interacted with via a browser plugin or similar.
an small iframe or similar to use a payment processor's "payment widget" directly
use a USB swipe (despite sniffability) + some client-side library to interact with payment processor directly.
I am looking for some feedback and ideas on good ways (reliable and secure) to accomplish this (I plan to also contact some payment processors to see what I can find out from them).
Thanks.
your concerns are valid since the magnetic stripe is practically obsolete. In the United States it is common but in other countries credit cards use a Smart Chip which offers enhanced security preventing cloning the magnetic card.
But there are magnetic card readers that are PCI-DSS compliant, that will encrypt the data using 3DES and will also offer device/host authentication. This devices will allow you to bypass sniffing, using HID mode instead of Keyboard emulation, which allow for direct communication with the device.
When a card is swiped through the Reader, the track data will be TDEA (Triple Data Encryption Algorithm, aka, Triple DES) encrypted using DUKPT (Derived Unique Key Per Transaction) key management. This method of key management uses a base derivation key to encrypt a key serial number that produces an initial encryption key which is injected into the Reader prior to deployment. After each transaction, the encryption key is modified per the DUKPT algorithm so that each transaction uses a unique key. Thus, the data will be encrypted with a different encryption key for each transaction.
Other alternative that I really love is the ones that attach to the SmartPhones on the audio jack. Like the Square device you surely have seen or heard. They have the same principles of TDAE and DUKPT but modulate the data into sounds which are demodulated by the App.
This security steps are needed if you plan to accept credit cards as "Card Present". If you are Ok with "Card Not Present" you can just capture the track data and send it for approval to a Payment Gateway. The Payment Gateway will not know if the card was really present or if you manually typed the info. If you want to have "Card Present" capabilities the payment gateway will require you to use PCI certified equipment.
And about ASP.NET MVC, it is not possible, this must be a client app or software in order to have end to end encryption.
I have contacted several payment gateways and credit card swipe companies and here is a fairly simple way to accomplish end-to-end encryption with credit card swipes in an ASP.NET app:
1) Use an swipe like an IDTech IDRS series swipe (keyboard wedge type - not HID): http://www.idtechproducts.com/download/swipe-readers/doc_download/166-user-manual.html
2) Send the swipe the the processor / gateway, who will inject their encryption key into the device.
3) After configuring the swipe properly, it will send the swipe data strongly encrypted as keyboard input, which you can then pass from the client-side javascript over to the server, which in turn sends it to the payment gateway, which decrypts and processes the data. The swipe will also send certain portions of the data unencrypted (such as the first and the last 4 digits of the card number).
I want to make an application that tracks the total consumption of Internet data or in other words a data tracker. If the set limit is reached I want the Internet data package connection to be disabled.
Is it possible with the iPhone SDK? If yes, then which API and the library should I be looking at?
Manipulating the core system preferences (disabling data packages) and measuring packages sent and received are both outside the "quarantine-zone" of the Apple Developer Guidelines.
If you DO happen to find some tricky way to do this (that is, the private iOS frameworks) you must know that your app will never be approved.
The closest thing that comes to this was the talk about a statistics API, where apps could see the number of calls made, data transferred, etc.
But this was not very well looked upon by the approval board, and will probably not be a reality any time soon.
You can't do this without going the jailbreak route. What you could possibly do is maybe show a notification to the user if they are near to reaching the limit.
To get the amount of data consumed, some service providers provide APIs (I'm thinking of the consume app) where you can get the data consumed and data left from the provider side.
The client is concerned about safety of the data application uses and stores locally on device (e.g. they want to prevent reading our data files even on jailbroken iPhones). So I wonder - what are the possible ways to ensure data safety on iPhone?
Edit:
I'm thinking about 2 ways of storing data - a bunch of xml files (maximum size - about 1MB) or sqlite database. I'm more inclined to the 2nd variant but still not sure
You might want to check out this article - Protecting resources in iPhone and iPad apps. It talks about a scheme to encrypt app resources at build time, which can then be decrypted when needed by your app. Decryption happens in-memory so unprotected temporary files are not left on the filesystem. You can even load encrypted HTML, PDF & images straight into a UIWebView.
For transparency's sake: I wrote that article and it is hosted on my own website.
Any time code is running on physical hardware that's out of your control, it is vulnerable - the iPhone must have the ability to decode the data for it to be usable, and if the iPhone has that ability, so does the user. If the data is valuable enough, someone will break your encryption.
The movie industry spent millions on their DVD DRM. It got cracked in a few weeks.
The commoncrypto library, available on the phone, supports symmetric encryption. You can store the key in the keychain, which is itself asymmetrically encrypted. The key to decrypt the keychain is baked into the hardware so you'd need to go to some lengths to retrieve the data.
(e.g. they want to prevent reading our data files even on jailbroken iPhones). you may use localytics mobile analytics(open source) to find out whether the application has been used in Jail broken iphone or not.. They have premium options also..Lot of mobile analytics are available.you can check..