I have an app that uses copyrighted images that I have permission to use. If a user downloads my app onto their computer using iTunes, they can basically unzip the app file (change filename to add .zip, unzip then show package contents), and see the images.
Is there a way to prevent this? Or am I wrong about this?
To the best of my knowledge there is no way to stop this method of accessing the images; the only alternative I can think of is to encrypt the images and store the encrypted files in the app. Then decrypt the images at runtime.
This won't stop the most determined adversary but would stop people accessing the images without some effort on their part.
A determined adversary will likely be able to get at any files used by an app on a device in their possession.
To defeat a lazy adversary, you might only have to change the file names into something they won't recognize as an image file. Or change a few bytes containing the file type signature at the beginning of each file, rendering the file corrupt. Your app can copy them into a temp file and fix the signatures to display.
Apple reportedly encrypts an App store distributed app's compiled C code. So another possibility might be to embed (portions of) the copyrighted images as hex data inside your source code.
Related
On my app (swift 2.3, xcode 7+, for iOS 9+) I'm write to a file, use the file, and then delete the file from a tmp directory created with NSTemporaryDirectory (on the app sandboxed). Although its a quick automated sequence, for a brief moment the file is written to the tmp directory in order to be used and then deleted.
My concern is: How secure, for that brief moment, is the file stored at tmp directory? Could an attacker get access to the file at the moment it's on the tmp directory?
If you're writing a file just to delete it, you should try to avoid storing the file on the system altogether. If you absolutely have to store the data on the device, you can use the .completeFileProtection option.
According to the documentation, .completeFileProtection will make it so the file is accessible only when the device is unlocked. This means that the only way that someone would have access to your data is if they have your phone's password, are somehow able to remotely unlock it using said password, and then execute code that has access to your app's sandboxed temporary file storage.
As far as I know, this would be very hard to achieve.
I am able to see the source code from my .app file that is i am able access image
files. How can i restrict that? I dont want my user to access the files from app. Please help me in resolving this issue.
Update: Sorry i was supposed to write .h/.m files are not accessed but image files can..
There is a mismatch in type , i didn't observe
You cannot see code from the IPA you upload to the store. No one can see your code. Someone could, however, see you image files, audio files, sqlite files, plist files, etc.
Per your update:
You cannot prevent the files from being accessed. It's like the web: if you can see it, you can steal it.
I developed an Ipad app which download different kind of files, but after a week or some days the downloaded files are removed and the app that open the file can find it anymore.
Could anybody help me, Where should I save downloaded files in my app to avoid that the file came automatically deleted?. IOS usually remove downloaded files after certain time?.
I already read this apple documentation
I know that maybe is not something complicated but I can't figure out why the file is removed If anybody can help me I'll appreciate that.
Put data cache files in the /Library/Caches
directory. Examples of files you should put in this directory include
(but are not limited to) database cache files and downloadable
content, such as that used by magazine, newspaper, and map apps. Your
app should be able to gracefully handle situations where cached data
is deleted by the system to free up disk space.
Most probably you are using caches/temp directory which the system can clear contents of in case of low space. To avoid deletion use Documents Directory.
If you are already storing in documents directory, then the file can appear missing if you are storing its hardcoded path , which can change during app update. Try storing relative path and log the contents of your documents directory to see what files exist.
save the files in your local sqlite db, data core or if you can serialize them with the standard user defaults
I currently have a large .sqlite data store of long string text. It's about 160MB and will grow to about 200MB when I'm completely done. This is a "read only" data set.
What I do now is simply place that file in my bundle and read it during runtime. However, that means the app requires you to download 160MB. Not optimal.
One solution is to gzip that file, ship the gzipped version in the bundle, uncompress it on first run, and put it in the Documents/ folder. This means you'd download far less, but the total size the app uses on the device is (size of gzip'd + size of ungzip'd) which is obviously not optimal either.
I want to use the gzip solution, but after application's first run, I want to delete the .gz version. Is this possible? How do I achieve it? What would another good solution be?
It is not possible to delete a file in the bundle. The app must be signed and if the bundle is modified in any way, it will not pass the signature.
The only other solution I can think of, is to setup a web service, and have your app download portions of your content as necessary. This may or may not be a viable solution, depending on what your app is actually doing.
As Paul says, anything in your bundle is part of the signature.
I can't see this changing as it is a fundamental part of signing apps.
The other classic approach is to compress the data in your bundle, as heavily as possible, so you unpack it when you build the working storage.
I need to store some data files for my blackberry app. These are usually small png files that I download and store locally for performance reasons. Also I need to store an xml file locally.
My question is where are these files supposed to be saved on a blackberry? Is there such a thing as an application's home folder or settings folder in the blackberry filesystem?
What would be the path to such a folder?
This is for blackberry os 4.7 or later.
Thanks!
If it's not a huge amount of data (and by the sounds of it, it's not), take a look at the PersistentStore mechanism. You can store many types of data including native types (String, Integer, etc.) and even byte[] data (for images) using PersistentContent. The nice thing about PersistentStore is that it doesn't require any sort of filesystem access -- it doesn't leave files hanging around -- and if you include a custom class in the persistent store for your app (even a simple subclass of an existing persistible class such as Hashtable), it will automatically delete your persisted data if the app is deleted.
There's no official home folder for your application. In blackberry you can basically read/write just about anything/anywhere (well, you might get a SecurityException/IOException if you'll try do change some files).
You can write to the SDCard/Internal memory using the paths described here.
If you're worried about someone seeing and altering your data there's not much you can do except setting your files and directories as hidden using FileConnection.setHidden(true) but this is very lame since they can still be seen even from the native BlackBerry file browser if the user chooses to show hidden files from the menu.
Edit: You could of course encrypt/decrypt your data but this won't prevent someone from deleting it.