Protect App resources from prying eyes?

Discussion in 'iOS Programming' started by thisma, Nov 27, 2009.

  1. thisma
    Expand Collapse
    macrumors member

    Joined:
    Sep 9, 2008
    #1
    Hey,

    I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

    I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.

    - Joshua
     
  2. ghayenga
    Expand Collapse
    macrumors regular

    Joined:
    Jun 18, 2008
    #2
    That would be "encryption". If you're including them as resources than anyone can open the backup and the app bundle and find your files. To make them unreadable you need to encrypt them and have your app decrypt them before it uses them.
     
  3. jnic
    Expand Collapse
    macrumors 6502a

    Joined:
    Oct 24, 2008
    Location:
    Cambridge
    #3
    You can never defeat a sufficiently determined attacker; the best you can hope to do is make it prohibitively difficult so that none of your users invest the time to defeat it.

    In this case, a user could load your running app into a debugger and extract the decryption key from memory.
     
  4. firewood
    Expand Collapse
    macrumors 604

    Joined:
    Jul 29, 2003
    Location:
    Silicon Valley
    #4
    It's usually not possible to defeat a determined and skilled attacker with physical access to standard consumer hardware.

    There is the question of whether the methods that can usually defeat lazy or unskilled snoops (e.g. those too lazy to even google for the tools written by the skilled attackers) from prying into your content are of sufficient value for your purposes.

    e.g. a really simple substitution cipher might be enough to keep your little kid sister from reading the secret password to your club's treehouse.
     
  5. thisma
    Expand Collapse
    thread starter macrumors member

    Joined:
    Sep 9, 2008
    #5
    Encryption Indeed

    Thank you for all the responses!
    Unfortunately I still feel stuck.

    Encryption was in fact the first thing I looked up. I eventually found a bread crumb trail left by Apple that seemed promising until I started finding lines like this one (found in TypesSecVuln.html )

    "The problem of how to protect a vendor's data from being copied or used without permission is not addressed here."

    I continued down the path any way and found the Certificate, Key, and Trust Services Reference. This however is obviously intended to be used as a way to encrypt the user's data not vendor's data. I may be able to get it to "keep the kid sister out of the club house" but I figure that the less I do, pushing round pegs into square holes, the more secure the data will actually be. ghayenga and jnic are together right on here:

    So I'm looking for something that is actually intended for this purpose.
    My searches continue to reveal ways to encrypt the user's data.

    Still looking - Please help
    - Joshua
     
  6. mraheel
    Expand Collapse
    macrumors regular

    Joined:
    Apr 18, 2009
    #6
    This was my concern too. And its really about what your trying to protect? Are they a set of strings or images or more.. Protecting images/copyrighted material is a long shot. Almost all apps are exposed to this.

    I am using sqlite db as my data source. There are some encryption libraries like sqlcipher that tell us how to protect it, Which i could never figure out.. but then, its not full proof.
     
  7. Luke Redpath
    Expand Collapse
    macrumors 6502a

    Joined:
    Nov 9, 2007
    Location:
    Colchester, UK
    #7
    I'm curious about what you're actually trying to protect.
     
  8. thisma
    Expand Collapse
    thread starter macrumors member

    Joined:
    Sep 9, 2008
    #8
    The main thing is a big (file size>2MB) plist/NSDictionary. The file contains data of which each user is likely to use only a very small amount. Different parts of the file for each user, of course, depending on their unique requirements. This data needs to be searchable with results returned in a fraction of a second (read instantly). That all works fine... if the data is stored on the device.

    It would be best if competitors not get a hold of that data. Thus the desire for it to be secured somehow. Once the app is released the app will display parts of the data visibly but it seems unlikely that someone will go through the steps required to glean information from the tens of thousands of entries manually.

    -Joshua
     
  9. Luke Redpath
    Expand Collapse
    macrumors 6502a

    Joined:
    Nov 9, 2007
    Location:
    Colchester, UK
    #9
    Could your app not download the data from a web server and store it locally on first run? As long as users are advised to perform the initial sync on a wifi connection, 2MB isn't exactly big.
     

Share This Page