Toggle sidebar Toggle sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS Protect App resources from prying eyes?

T

thisma

macrumors member
Original poster
Hey,

I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.

- Joshua
 
thisma said:
Hey,

I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.

- Joshua
Click to expand...

That would be "encryption". If you're including them as resources than anyone can open the backup and the app bundle and find your files. To make them unreadable you need to encrypt them and have your app decrypt them before it uses them.
 
thisma said:
I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.
Click to expand...

You can never defeat a sufficiently determined attacker; the best you can hope to do is make it prohibitively difficult so that none of your users invest the time to defeat it.

In this case, a user could load your running app into a debugger and extract the decryption key from memory.
 
It's usually not possible to defeat a determined and skilled attacker with physical access to standard consumer hardware.

There is the question of whether the methods that can usually defeat lazy or unskilled snoops (e.g. those too lazy to even google for the tools written by the skilled attackers) from prying into your content are of sufficient value for your purposes.

e.g. a really simple substitution cipher might be enough to keep your little kid sister from reading the secret password to your club's treehouse.
 
Encryption Indeed

Thank you for all the responses!
Unfortunately I still feel stuck.

ghayenga said:
That would be "encryption".
Click to expand...

Encryption was in fact the first thing I looked up. I eventually found a bread crumb trail left by Apple that seemed promising until I started finding lines like this one (found in TypesSecVuln.html )

"The problem of how to protect a vendor's data from being copied or used without permission is not addressed here."

I continued down the path any way and found the Certificate, Key, and Trust Services Reference. This however is obviously intended to be used as a way to encrypt the user's data not vendor's data. I may be able to get it to "keep the kid sister out of the club house" but I figure that the less I do, pushing round pegs into square holes, the more secure the data will actually be. ghayenga and jnic are together right on here:

ghayenga said:
If you're including them as resources than anyone can open the backup and the app bundle and find your files. To make them unreadable you need to encrypt them and have your app decrypt them before it uses them.
Click to expand...
jnic said:
the best you can hope to do is make it prohibitively difficult so that none of your users invest the time to defeat it.

In this case, a user could load your running app into a debugger and extract the decryption key from memory.
Click to expand...

So I'm looking for something that is actually intended for this purpose.
My searches continue to reveal ways to encrypt the user's data.

Still looking - Please help
- Joshua
 
This was my concern too. And its really about what your trying to protect? Are they a set of strings or images or more.. Protecting images/copyrighted material is a long shot. Almost all apps are exposed to this.

I am using sqlite db as my data source. There are some encryption libraries like sqlcipher that tell us how to protect it, Which i could never figure out.. but then, its not full proof.
 
Luke Redpath said:
I'm curious about what you're actually trying to protect.
Click to expand...

The main thing is a big (file size>2MB) plist/NSDictionary. The file contains data of which each user is likely to use only a very small amount. Different parts of the file for each user, of course, depending on their unique requirements. This data needs to be searchable with results returned in a fraction of a second (read instantly). That all works fine... if the data is stored on the device.

It would be best if competitors not get a hold of that data. Thus the desire for it to be secured somehow. Once the app is released the app will display parts of the data visibly but it seems unlikely that someone will go through the steps required to glean information from the tens of thousands of entries manually.

-Joshua
 
thisma said:
The main thing is a big (file size>2MB) plist/NSDictionary. The file contains data of which each user is likely to use only a very small amount. Different parts of the file for each user, of course, depending on their unique requirements. This data needs to be searchable with results returned in a fraction of a second (read instantly). That all works fine... if the data is stored on the device.
-Joshua
Click to expand...

Could your app not download the data from a web server and store it locally on first run? As long as users are advised to perform the initial sync on a wifi connection, 2MB isn't exactly big.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back