Apple Wallet/Pass security

Discussion in 'iOS Programming' started by tottenhamboy, Jan 18, 2018.

  1. tottenhamboy macrumors newbie

    Joined:
    Jan 18, 2018
    #1
    Is it possible for a third party to determine by scanning a pass, if it has been altered in some way, such as a photo image being swapped to another photo image?

    Is it possible to use steganography to supply the pass with a jpeg image which has an encrypted element hidden within it, that when the pass is scanned, the party scanning the pass could retrieve the encrypted message attached to the jpeg with the appropriate private key for decryption.
     
  2. PhoneyDeveloper macrumors 68040

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #2
    I'm not very knowledgeable about Passkit but you might want to look at Apple's developer documentation for it.

    The design of Passes is intended to make it impossible for third parties to modify valid passes. This is done by cryptographically signing them. On a normal iOS device I don't think there's any way for one app to access another app's Passes. On a jailbroken device it might be possible to access other app's Passes but the signing should make any tampering with a Pass detectible by the system.

    Passes contain a barcode and the barcode can contain any data. It might be possible to encode extra info there, for your own app's Passes. There are several standard images that go into a Pass so it might be possible to hide info there. But normal scanners are only scanning the barcode.

    https://developer.apple.com/library...g.html#//apple_ref/doc/uid/TP40012195-CH4-SW1
     

Share This Page