Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS Risk of spyware?

P

pinsrw

macrumors regular
Original poster
May 30, 2010
194
0
Hi all,

Is there any risk that another app will be able to reach into my app's directory and read my users' personal files that were created with my app? For instance, suppose Rupert Murdoch wanted to steal some documents and upload them to his servers without consent?

I'm already garbling some of my apps' data files but I wonder if I should encrypt them instead, that's why I ask.

Just curious...
 
Anyone who jailbreaks their phone can read anything in your App's directory just as easily as you would read files in a folder on your desktop.
 
pinsrw said:
I'm already garbling some of my apps' data files but I wonder if I should encrypt them instead, that's why I ask.
Click to expand...

You can't win using encryption. Not against someone who is determined. And not much determination will be needed.

Any encryption you use will need a decryption key in order to access the plaintext of your files. That key will have to be stored with the program, or generated by the program. Either way, the key is present in the program. So simply tricking your program into decrypting (by any means) will completely undermine any security you thought you had gained by encrypting.

If you're worried about other apps, what other apps are they? Exactly who and what are you defending against? If you haven't identified the value of what you're encrypting, to whom, for how long, and who and what you're protecting the data against, then any thoughts about encryption are premature.
 
chown33 said:
If you're worried about other apps, what other apps are they? Exactly who and what are you defending against?
Click to expand...

Other apps:
Let's say hypothetically that somebody like Rupert Murdoch teams up with some government agency run by people with criminal intentions, and he lets them put a jailbreak mechanism into his news reader app, and Apple's app reviewers either don't notice this violation or are forced from above to them do it. So now all my users' files are freely available.

Activities:
I'd just like to help my users protect whatever private information is on their iPad that is stored by my apps. It may be trivial stuff or very private, important stuff. There is no good reason why the iPad should be a step backward in privacy or data security.
 
I think you're trying to solve a problem that doesn't exist.

One question: Do you think Apple hasn't thought of all of this already when they were developing the iOS SDK?

If a user bothers to jailbreak their device then they are bringing any security issues onto themselves. It sounds cold, but you shouldn't worry about them. And there is no history of apps being allowed into the marketplace which would "jailbreak" a device. So really I dont' think this is an issue at all.
 
pinsrw said:
Activities:
I'd just like to help my users protect whatever private information is on their iPad that is stored by my apps. It may be trivial stuff or very private, important stuff. There is no good reason why the iPad should be a step backward in privacy or data security.
Click to expand...

A step backward from what, laptops and desktops? Both of them have even more open access of files between apps than iOS allows.

If you haven't read the iOS Keychain reference, you should start there. That at least gives users the option of storing secrets (like encryption keys or passphrases) securely, within limits.

Of course, if the user doesn't manage their keychain well, then even that won't work. There is a limit to protecting users from themselves, especially when a threat is only hypothetical.

http://developer.apple.com/library/...html#//apple_ref/doc/uid/TP30000897-CH203-TP1
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back