Protect App resources from prying eyes?

Discussion in 'iOS Programming' started by thisma, Nov 27, 2009.

  1. thisma macrumors member

    Sep 9, 2008

    I'm looking for a way to protect / encrypt some proprietary files that my app needs to operate. I seem to not have the correct words to find the answer via google or the Apple developer documentation.

    I want to make sure that, if a person opens the ipa files and starts poking around, these files will not be readable.

    - Joshua
  2. ghayenga macrumors regular

    Jun 18, 2008
    That would be "encryption". If you're including them as resources than anyone can open the backup and the app bundle and find your files. To make them unreadable you need to encrypt them and have your app decrypt them before it uses them.
  3. jnic macrumors 6502a

    Oct 24, 2008
    You can never defeat a sufficiently determined attacker; the best you can hope to do is make it prohibitively difficult so that none of your users invest the time to defeat it.

    In this case, a user could load your running app into a debugger and extract the decryption key from memory.
  4. firewood macrumors 604

    Jul 29, 2003
    Silicon Valley
    It's usually not possible to defeat a determined and skilled attacker with physical access to standard consumer hardware.

    There is the question of whether the methods that can usually defeat lazy or unskilled snoops (e.g. those too lazy to even google for the tools written by the skilled attackers) from prying into your content are of sufficient value for your purposes.

    e.g. a really simple substitution cipher might be enough to keep your little kid sister from reading the secret password to your club's treehouse.
  5. thisma thread starter macrumors member

    Sep 9, 2008
    Encryption Indeed

    Thank you for all the responses!
    Unfortunately I still feel stuck.

    Encryption was in fact the first thing I looked up. I eventually found a bread crumb trail left by Apple that seemed promising until I started finding lines like this one (found in TypesSecVuln.html )

    "The problem of how to protect a vendor's data from being copied or used without permission is not addressed here."

    I continued down the path any way and found the Certificate, Key, and Trust Services Reference. This however is obviously intended to be used as a way to encrypt the user's data not vendor's data. I may be able to get it to "keep the kid sister out of the club house" but I figure that the less I do, pushing round pegs into square holes, the more secure the data will actually be. ghayenga and jnic are together right on here:

    So I'm looking for something that is actually intended for this purpose.
    My searches continue to reveal ways to encrypt the user's data.

    Still looking - Please help
    - Joshua
  6. mraheel macrumors regular

    Apr 18, 2009
    This was my concern too. And its really about what your trying to protect? Are they a set of strings or images or more.. Protecting images/copyrighted material is a long shot. Almost all apps are exposed to this.

    I am using sqlite db as my data source. There are some encryption libraries like sqlcipher that tell us how to protect it, Which i could never figure out.. but then, its not full proof.
  7. Luke Redpath macrumors 6502a

    Nov 9, 2007
    Colchester, UK
    I'm curious about what you're actually trying to protect.
  8. thisma thread starter macrumors member

    Sep 9, 2008
    The main thing is a big (file size>2MB) plist/NSDictionary. The file contains data of which each user is likely to use only a very small amount. Different parts of the file for each user, of course, depending on their unique requirements. This data needs to be searchable with results returned in a fraction of a second (read instantly). That all works fine... if the data is stored on the device.

    It would be best if competitors not get a hold of that data. Thus the desire for it to be secured somehow. Once the app is released the app will display parts of the data visibly but it seems unlikely that someone will go through the steps required to glean information from the tens of thousands of entries manually.

  9. Luke Redpath macrumors 6502a

    Nov 9, 2007
    Colchester, UK
    Could your app not download the data from a web server and store it locally on first run? As long as users are advised to perform the initial sync on a wifi connection, 2MB isn't exactly big.

Share This Page