Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > Programming > iPhone/iPad Programming

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 27, 2009, 05:04 AM   #1
thisma
macrumors newbie
 
Join Date: Sep 2008
Protect App resources from prying eyes?

Hey,

I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.

- Joshua
thisma is offline   0 Reply With Quote
Old Nov 27, 2009, 10:24 AM   #2
ghayenga
macrumors regular
 
Join Date: Jun 2008
Quote:
Originally Posted by thisma View Post
Hey,

I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.

- Joshua
That would be "encryption". If you're including them as resources than anyone can open the backup and the app bundle and find your files. To make them unreadable you need to encrypt them and have your app decrypt them before it uses them.
ghayenga is offline   0 Reply With Quote
Old Nov 27, 2009, 11:19 AM   #3
jnic
macrumors 6502a
 
Join Date: Oct 2008
Location: Cambridge
Quote:
Originally Posted by thisma View Post
I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.
You can never defeat a sufficiently determined attacker; the best you can hope to do is make it prohibitively difficult so that none of your users invest the time to defeat it.

In this case, a user could load your running app into a debugger and extract the decryption key from memory.
jnic is offline   0 Reply With Quote
Old Nov 27, 2009, 05:06 PM   #4
firewood
macrumors 603
 
Join Date: Jul 2003
Location: Silicon Valley
It's usually not possible to defeat a determined and skilled attacker with physical access to standard consumer hardware.

There is the question of whether the methods that can usually defeat lazy or unskilled snoops (e.g. those too lazy to even google for the tools written by the skilled attackers) from prying into your content are of sufficient value for your purposes.

e.g. a really simple substitution cipher might be enough to keep your little kid sister from reading the secret password to your club's treehouse.
firewood is online now   0 Reply With Quote
Old Nov 27, 2009, 10:38 PM   #5
thisma
Thread Starter
macrumors newbie
 
Join Date: Sep 2008
Encryption Indeed

Thank you for all the responses!
Unfortunately I still feel stuck.

Quote:
Originally Posted by ghayenga View Post
That would be "encryption".
Encryption was in fact the first thing I looked up. I eventually found a bread crumb trail left by Apple that seemed promising until I started finding lines like this one (found in TypesSecVuln.html )

"The problem of how to protect a vendor's data from being copied or used without permission is not addressed here."

I continued down the path any way and found the Certificate, Key, and Trust Services Reference. This however is obviously intended to be used as a way to encrypt the user's data not vendor's data. I may be able to get it to "keep the kid sister out of the club house" but I figure that the less I do, pushing round pegs into square holes, the more secure the data will actually be. ghayenga and jnic are together right on here:

Quote:
Originally Posted by ghayenga View Post
If you're including them as resources than anyone can open the backup and the app bundle and find your files. To make them unreadable you need to encrypt them and have your app decrypt them before it uses them.
Quote:
Originally Posted by jnic View Post
the best you can hope to do is make it prohibitively difficult so that none of your users invest the time to defeat it.

In this case, a user could load your running app into a debugger and extract the decryption key from memory.
So I'm looking for something that is actually intended for this purpose.
My searches continue to reveal ways to encrypt the user's data.

Still looking - Please help
- Joshua

Last edited by thisma; Nov 28, 2009 at 04:27 AM.
thisma is offline   0 Reply With Quote
Old Nov 28, 2009, 12:01 PM   #6
mraheel
macrumors regular
 
Join Date: Apr 2009
This was my concern too. And its really about what your trying to protect? Are they a set of strings or images or more.. Protecting images/copyrighted material is a long shot. Almost all apps are exposed to this.

I am using sqlite db as my data source. There are some encryption libraries like sqlcipher that tell us how to protect it, Which i could never figure out.. but then, its not full proof.
mraheel is offline   0 Reply With Quote
Old Nov 28, 2009, 12:35 PM   #7
Luke Redpath
macrumors 6502a
 
Join Date: Nov 2007
I'm curious about what you're actually trying to protect.
Luke Redpath is offline   0 Reply With Quote
Old Nov 28, 2009, 05:27 PM   #8
thisma
Thread Starter
macrumors newbie
 
Join Date: Sep 2008
Quote:
Originally Posted by Luke Redpath View Post
I'm curious about what you're actually trying to protect.
The main thing is a big (file size>2MB) plist/NSDictionary. The file contains data of which each user is likely to use only a very small amount. Different parts of the file for each user, of course, depending on their unique requirements. This data needs to be searchable with results returned in a fraction of a second (read instantly). That all works fine... if the data is stored on the device.

It would be best if competitors not get a hold of that data. Thus the desire for it to be secured somehow. Once the app is released the app will display parts of the data visibly but it seems unlikely that someone will go through the steps required to glean information from the tens of thousands of entries manually.

-Joshua
thisma is offline   0 Reply With Quote
Old Nov 28, 2009, 05:48 PM   #9
Luke Redpath
macrumors 6502a
 
Join Date: Nov 2007
Quote:
Originally Posted by thisma View Post
The main thing is a big (file size>2MB) plist/NSDictionary. The file contains data of which each user is likely to use only a very small amount. Different parts of the file for each user, of course, depending on their unique requirements. This data needs to be searchable with results returned in a fraction of a second (read instantly). That all works fine... if the data is stored on the device.
-Joshua
Could your app not download the data from a web server and store it locally on first run? As long as users are advised to perform the initial sync on a wifi connection, 2MB isn't exactly big.
Luke Redpath is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > Programming > iPhone/iPad Programming

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Lock Photos: protect photos and videos hidden from other eyes cocoCai iPhone and iPod touch Apps 1 Feb 24, 2014 09:14 AM
XCODE 4.5 , calendar app resources iNeedAnsurs iPhone 0 Jan 26, 2013 03:37 PM
Just bought a Thunderbolt display - it hurts my eyes.. is it the monitor or my eyes? circa7 Mac Peripherals 11 Jan 23, 2013 07:44 PM
Privacy App - Lock Photos: protect photos and videos hidden from other eyes cocoCai iPhone and iPod touch Apps 0 Dec 18, 2012 07:06 AM

Forum Jump

All times are GMT -5. The time now is 01:06 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC