Opening and storing encrypted documents offline in iOS - ios

I have encrypted files downloaded and available for offline view in a folder, I would like to know:
how to open them in the appropriate reader as these are ms office docs and prezi format
I suppose they will have to be unencrypted so that reader can read them but in this case how to ensure security?
which folder to use to avoid iCloud sync, I already read this Disable iCloud sync
Does iOS protects documents of the application by encryption based on app key as I read it or am I wrong?

Speaking extemporaneously, as thoughts occur, Sven is right about UIDocumentInteractionController and that objects are identified by URL.
However, it's possible you don't need to unencrypt your files on disk for this to work. You can probably write your own little URL protocol (subclass NSURLProtocol and implement methods appropriately; you should end up checking that URLs are within the invented scheme you've created — e.g. myApplicationEncrypted:// — then posting data packets to a NSURLProtocolClient) and register it with the device via NSURLProtocol +registerClass.
You'll obviously need to decrypt between disk and protocol client. So you'll be passing unencrypted data on — you'll need to make a trust judgment on UIDocumentInteractionController.
The document interaction controller is documented to work within your app, so there shouldn't be sandbox concerns.

You can send your documents to other apps using an UIDocumentInteractionController object. You initialize it with a file URL pointing to your document and then use one of it’s methods to present it.
This takes care of displaying a preview (if possible) and letting the user select the application the document should be opened in.
The document has to be decrypted for this to work. You then cannot make any guarantees about the security of your file - once it is handed over to another application it is out of your control.
If your app doesn’t explicitly opt-in to use iCloud sync your data will not be synced with iCloud. What will be sent to iCloud are backups of the whole device though (if enabled). There are ways to disable this for single files as you already read in the question you linked.
The iOS file protection is based on a device key, not on a per app key. This also is not necessary because apps are protected from each other by the sandbox, unless your phone is jailbroken. On a jailbroken phone there are no security guarantees.

Related

iOS Storage across Developers

I need to create an integration between my app and apps by another developer. There are several ways to store data for an app, some that allow only your app to access it, some that allow other apps by the same developer to access it. But is there an iOS API that allows you store data publicly on the device so that any other app can access it? This data is not secure and cannot be used maliciously.
May not work for your specific needs, but note you can share documents between apps using UISupportsDocumentBrowser. See also here.
UISupportsDocumentBrowser (Boolean - iOS) Specifies that the app is a document-based app and uses the UIDocumentBrowserViewController class.
If this key is set to YES, the user can set the document browser’s default save location in Settings. Additionally, the local file provider grants access to all the documents in the app’s Documents directory. These documents appear in the Files app, and in a Document Browser. Users can open and edit these document in place.
This key is supported in iOS 11 and later.
This would violate iOS security policies and is therefore not possible on device. The only way to enable this is on a jailbroken device.

Avoid the files inside my iOS app to be easily replaceable

My app is an In-house app distributed via MobileIron. It uses Realm for the database, and also SDWebImage for image caching.
I made some tests, with iExplorer today, and I could see that the files are easily replaceable with this tool. This allows me to update the datas how I want, then replace the file on the iPhone, and it's done.
Anyway, it's not the case with the App Store Apps (files are not accessible via iExplorer).
I know I should may be use encryption for the Realm database, but it's more a general problem in this case.
How can I make sure that the files are not manipulated inside my app ?
Once applications are wrapped with the MobileIron AppConnect wrapper they become integrated into the secure container on the device. Each app becomes a secure container whose data is encrypted, protected from unauthorized access, and removable.
This url will give you more details.

iOS Secure File Storage Issue

I have an iOS app which keeps sync with a database of PDF documents via a RESTful web service. Basically, the app downloads a few PDF's which I am storing to the file system in my app.
I am using the Library/Caches directory.
NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES)
My requirement is to store the files such that the user cannot gain access to them in any way. When I write the file, I am also providing the option: NSDataWritingFileProtectionComplete
[decodedFile writeToFile:newFilePath options:NSDataWritingFileProtectionComplete error:nil];
However, I am still able to access the files through Devices -> Select My App -> Download Container...
I need to configure the app such that the downloaded content cannot be accessed by anything but the app itself. There must be a way to do this, but I have been unable to find anything...?
This is not a solvable problem. If this were a solvable problem, then it would be trivial for Apple to prevent Jailbreaking. They would just write a system validation key in whatever place the user cannot possibly access. The fact that Jailbreaking is possible despite Apple controlling every part of the ecosystem should put in perspective your chances of protecting data that you've written to a user's device from that user.
This has been discussed several times, including thoughts on what you actually can do and what's worth doing (nothing is going to be 100%; nothing is even going to be 90%). You can look over the previous incarnations of this question for more. Secure https encryption for iPhone app to webpage is a good place to start, since it includes links to several of the others.

Best place for saving user data for Windows Store App

Disclaimer: I am new to Windows Store App development.
My app is a Windows Store App (for desktop). The app has to create some content using user's input and the data can be considered as documents. Also, the document'd be in a proprietary format. The user should be able to see all those documents listed inside the app every time he launches it.
My question is where to save these document files. I have no issue it is directly accessible to users without using app (it is their data).
The document suggest roaming (limited storage) and local storage. But both are deleted once the app is deleted (bad for the user).
http://msdn.microsoft.com/en-us/library/windows/apps/hh464917.aspx
Document also states that accessing right for My Document folder is granted only if the developer is a company (bad for me).
http://msdn.microsoft.com/en-us/library/windows/apps/hh464936.aspx
Any other popular pattern from developers (apart from Azure, SkyDrive and any online storage)?
On app's first launch, you can allow the user to choose his/her folder as per choice, and then add that folder in future access list. So you can access that folder anytime. Please check below given links.
How can I save a StorageFile to use later?
Exploring WinRT: Storage.AccessCache
Windows.Storage.AccessCache Classes

Reading Files belonging to other Apps iOS

I am currently coding a backup app for iOS, and I want to have options to let the user back up things like Application Data (other app's documents, etc,) Contacts, Safari Bookmarks, and all that fun stuff.
I'd like to know if that's possible, how I'd do it, and where those files are stored, and most importantly, if this is actually allowed by Apple. I read through their docs, and I haven't seen anything that speaks against it.
It's not possible. Your app isn't even capable of reading the documents from other apps. This is accomplished via sandboxing. Every read/write your application tries to do to the filesystem is checked by the kernel to ensure you're staying within your sandbox. The documents belonging to other apps are outside of your sandbox, so you cannot see them.
They aren't allowed. All iOS apps are sandboxed, and can't access other apps' data.
Your app, naturally is in a sandbox, which does not allow you to read outside of the app. If you jailbreak your device, then yes, it is possible.

Resources