Difference in security of a jailbroken iPhone - iOS

Just to be more specific, I would like to know more about the system files that can be accessed with regards to a jailbroken phone.
From what I understand, each iOS application has its own sandbox. A phone has root access once it is jailbroken, allowing creation of 3rd party system applications which result in accessing the system files. However, if I am not wrong, the sandbox is still there, just that it has fewer restrictions, hence allowing accessing of system files? (Not sure about this part too.)
So for a jailbroken phone, what kind of critical system files are we able to access from our created application that will go through the sandbox and which are not accessible from an unjailbroken phone? Is the contact list a part of the critical system files, although I believe we are still able to get the contact list without a jailbroken phone using the Address Book frameworks?
I may be wrong, but my term "critical system files" refers to system information that normal users would not like others to get hold of, so I was thinking whether the contact list is part of it even though it does not require a jailbroken phone.

Without taking tweaks into consideration, an app is able to read/write/execute in the root directory /. Tweaks are able to do whatever they want (just like the app would - even an Apple pre-installed app), depending on where they are hooking. For example, a tweak I was working on for MobileSMS (the SMS app) can give me the passcode of your iCloud account stored in the keychain by default.
Long story short, a jailbreak equals zero security for an average user. On the other hand, there is only one exploit (at least to my knowledge) currently that attacked iOS; it came from Georgia Tech a few months ago, hidden in an app on the App Store.

Related

How to access 3rd party TvProvider on rooted device?

My question is a follow up to this question.
Let's assume I have an Android TV stick, and I am also the vendor. There are 3rd party apps like Netflix, Prime, etc. I want to access the channels provided via TvProvider or ContentResolver. As pointed out in one comment:
apps vendors signs with the same key as an AOSP itself
placed them in a special folder - only vendors of devices can do it
or you, but only on rooted devices
What are my possibilities for the options above?
Using one of the proposed options you will be able to get all channels from the TvProvider inside the apps with signature/signatureOrSystem protection level. I don't know the specifics, but I assume they may be different for different ROMs you may use. You will be able to retrieve the data from TvProvider the same way you are able to do it in your own app - this answer has links to examples from Android system app.
You will be able to render Rows from the data via the leanback library in your own app (I don't know whether it should be a launcher or just an app). After that, the user, by clicking on a card, will enter the app that provided the content and view it there. You will not be able to view the videos inside your own app even if it is a system one, because you would have to have access to the backend of the app that provided the media, and that information is not stored in the TvProvider. The media inside a TvProvider is rather a simple link to a content page inside the other app.
There is plenty of info online about modifying ROMs and creating signatureOrSystem apps. I cannot give a specific link because I cannot verify its validity, because I haven't tried to do such things with TvProvider in specifics and Android OS in general (except for the root and disassembling and modifying already existing apps from the device vendor - also plenty of info online).

Is it possible to take all backed up data without jailbreak from iCloud (public,shared,private) by any app/tool, provided with iCloud credentials?

I am trying to build a mobile monitoring tool/app for iOS without Jailbreak. The only possible way to perfectly access all installed apps' content is through iCloudKit.
Also, I found Apple's MDM comes a little close to this for BYOD devices, but yet accessing an individual application's data is not possible.
During all this process, I came across some websites, fonemonitor and phonemonitor (with and without), who claim to do the same without Jail Break.
So here is my question: is it possible to take any application's data if we get access to the user's iCloud account? Also, are all public, private and shared data accessible via iCloudKit? As the documentation clearly states, private data is untouched.
How does app monitoring work for any iOS devices through these websites? Any lead would actually help!

Can I find out the location of an app's icon on the home screen?

Is it possible to dynamically figure out the position of an app's icon on the home screen of an iPhone/iPad?
Sorry I don't have enough credit to comment yet so I'm posting here.
To my knowledge, no, you cannot natively or easily do this. I know of no open source or other libraries. The reason being that your app exists in its own world; it is not in touch, per se, with the rest of the device. It can get permissions to read and write data, but it doesn't know of itself.
Does that make sense?
When you open a website, it cannot know which tab it is in the browser. Instead, it knows how it was accessed and what device (physically) is using it. It knows the user-agent, the time, the browser, etc. because that is information sent to it in the request. In turn, the phone on launch gives data to the app in how to handle it, but not, for example, how many other apps are running, or where it is on the screen. It's not normally considered relevant to run time. In addition, it's a security feature in preventing an app from deleting or altering other apps, as well as itself. If you have an iPhone, you will notice that Siri cannot turn off Google Maps navigation or any other non-Apple specific app. Only apps natively comparable and private party ones (e.g. Apple's) are accessible because Apple did that intentionally. They all know of their own existence and each other's. However, non-native apps, in the sense of apps that do not come preinstalled and manufactured by the company creating the device, are less trustworthy; in addition, there are no guarantees about how they will be run by the device, where they will be, or what other apps will be there.
It is true that an app can request another app it may be comparable with, but it is up to the user to handle that information.
May I ask, for curiosity's sake, why you are trying to do this? Are there any other workarounds?
However, in terms of it being physically possible, yes. I doubt that Apple allows independent developers to do this, however. But an example of this occurring may be gridlock, where a user can move their apps around differently on the screen. The app in this case has the ability to access app position. But I believe in this case app position is about the UI and not about nested files. Apps cannot, to my knowledge, modify information outside of their own file. Imagine if you had an app that could edit other games' scores.
It is not possible to dynamically find out the position of an app's icon on the Home Screen (even for jailbreak apps). Apple wants you to respect the user's privacy settings.
Extra Info - There is a popular JavaScript library that adds a promo bubble to the bottom of your mobile web application, inviting users to bookmark the app to their device's home screen.

How can one app provide data to another without switching apps?

Scenario:
I "control" two different apps, App A and App B, both of which the user has installed
App A is running
App A needs to obtain a string that was set by App B when App B last ran.
After obtaining the string, App A will still be running
User should not receive any feedback this communication is happening. E.g. no "switching animations" between A or B, no pop-ups, etc.
Constraints:
Apps are released under different vendors
Apps are already in the app store; updated versions will have this communication ability.
It is acceptable for the data stored in App B to be accessible to other apps on the device.
It is not acceptable for the data stored in App B to be visible to general third parties (e.g. if an external server is used, there needs to be some sort of secured scheme)
The data read should be able to occur immediately upon App A being opened after install. For instance, I cannot require the user of App A to enter log in credentials for an external communication service.
Must work on non-jailbroken devices.
This is seeming rather difficult to pull off in iOS7. Help is appreciated.
Tricky work around. Not recommended, but it will get the job done if you can't afford servers.
On the first app, create a contact in the user's contacts book. Give it a generic name like "000 - NameOfAppB Data - Don't Delete" (I start with "000" so it goes to the bottom of the user's contact book so they never see it; I also add "don't delete" so if the user does somehow find it they don't delete it hahaha) (who looks at contact books anyways). In the contact info under notes, add your NSData in string format.
Then, when app A is opened, search for that contact, read the data, then delete the contact.
Apple does allow you to create and delete users' contacts without their permission. (At least in 2011 they did; this may have changed.)
This might serve your purpose
https://developer.apple.com/library/ios/documentation/Security/Reference/keychainservices/Reference/reference.html
I am not sure of its limitations though; I have seen implementations where credentials have been shared between apps.

Reading Files belonging to other Apps iOS

I am currently coding a backup app for iOS, and I want to have options to let the user back up things like Application Data (other apps' documents, etc.), Contacts, Safari Bookmarks, and all that fun stuff.
I'd like to know if that's possible, how I'd do it, and where those files are stored, and most importantly, if this is actually allowed by Apple. I read through their docs, and I haven't seen anything that speaks against it.
It's not possible. Your app isn't even capable of reading the documents from other apps. This is accomplished via sandboxing. Every read/write your application tries to do to the filesystem is checked by the kernel to ensure you're staying within your sandbox. The documents belonging to other apps are outside of your sandbox, so you cannot see them.
They aren't allowed. All iOS apps are sandboxed, and can't access other apps' data.
Your app, naturally, is in a sandbox, which does not allow you to read outside of the app. If you jailbreak your device, then yes, it is possible.
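The answers above describe the kernel refusing any read or write outside the app's container unless the device is jailbroken. The following is an added example, not code from any of the posts: a device-integrity check an app can run on itself, which treats a successful access outside the container as a sign that the sandbox is no longer enforced. The two outside paths and all function names are assumptions made for this illustration.

```swift
import Foundation

enum Probe { case denied, allowed }

/// Try to create, then remove, a small marker file at `path`.
func probeWrite(at path: String) -> Probe {
    do {
        try "probe".write(toFile: path, atomically: true, encoding: .utf8)
        try? FileManager.default.removeItem(atPath: path)  // clean up the marker
        return .allowed
    } catch {
        return .denied  // the write was refused (sandbox denial or missing directory)
    }
}

/// Try to list a directory; a sandboxed app cannot enumerate other apps' containers.
func probeList(at path: String) -> Probe {
    do {
        _ = try FileManager.default.contentsOfDirectory(atPath: path)
        return .allowed
    } catch {
        return .denied
    }
}

// Assumed sample locations outside the app's own container (constructed for this example).
let outsideWritePath = "/private/sandbox_probe.txt"
let otherContainers = "/private/var/mobile/Containers/Data/Application"

/// nil   = the control write inside our own container failed, so the result means nothing
/// true  = every access outside the container was denied, as the answers above describe
/// false = at least one access outside the container succeeded
func sandboxLooksIntact() -> Bool? {
    // Control: a write inside our own container must succeed first.
    let inside = (NSTemporaryDirectory() as NSString)
        .appendingPathComponent("sandbox_probe.txt")
    guard probeWrite(at: inside) == .allowed else { return nil }

    return probeWrite(at: outsideWritePath) == .denied
        && probeList(at: otherContainers) == .denied
}
```

A tweak that hooks these file calls can make the probes report `denied`, so a `true` result is a signal to combine with other checks rather than proof of an intact device.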
