Risk of spyware?

Discussion in 'iOS Programming' started by pinsrw, Dec 30, 2010.

  1. pinsrw macrumors regular

    Joined:
    May 30, 2010
    #1
    Hi all,

    Is there any risk that another app will be able to reach into my app's directory and read my users' personal files that were created with my app? For instance, suppose Rupert Murdoch wanted to steal some documents and upload them to his servers without consent?

    I'm already garbling some of my apps' data files but I wonder if I should encrypt them instead, that's why I ask.

    Just curious...
     
  2. cnstoll macrumors 6502

    Joined:
    Aug 29, 2010
    #2
    Anyone who jailbreaks their phone can read anything in your App's directory just as easily as you would read files in a folder on your desktop.
     
  3. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #3
    You can't win using encryption. Not against someone who is determined. And not much determination will be needed.

    Any encryption you use will need a decryption key in order to access the plaintext of your files. That key will have to be stored with the program, or generated by the program. Either way, the key is present in the program. So simply tricking your program into decrypting (by any means) will completely undermine any security you thought you had gained by encrypting.

    If you're worried about other apps, what other apps are they? Exactly who and what are you defending against? If you haven't identified the value of what you're encrypting, to whom, for how long, and who and what you're protecting the data against, then any thoughts about encryption are premature.
     
  4. pinsrw thread starter macrumors regular

    Joined:
    May 30, 2010
    #4
    Other apps:
    Let's say hypothetically that somebody like Rupert Murdoch teams up with some government agency run by people with criminal intentions, and he lets them put a jailbreak mechanism into his news reader app, and Apple's app reviewers either don't notice this violation or are forced from above to them do it. So now all my users' files are freely available.

    Activities:
    I'd just like to help my users protect whatever private information is on their iPad that is stored by my apps. It may be trivial stuff or very private, important stuff. There is no good reason why the iPad should be a step backward in privacy or data security.
     
  5. cnstoll macrumors 6502

    Joined:
    Aug 29, 2010
    #5
    I think you're trying to solve a problem that doesn't exist.

    One question: Do you think Apple hasn't thought of all of this already when they were developing the iOS SDK?

    If a user bothers to jailbreak their device then they are bringing any security issues onto themselves. It sounds cold, but you shouldn't worry about them. And there is no history of apps being allowed into the marketplace which would "jailbreak" a device. So really I dont' think this is an issue at all.
     
  6. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #6
    A step backward from what, laptops and desktops? Both of them have even more open access of files between apps than iOS allows.

    If you haven't read the iOS Keychain reference, you should start there. That at least gives users the option of storing secrets (like encryption keys or passphrases) securely, within limits.

    Of course, if the user doesn't manage their keychain well, then even that won't work. There is a limit to protecting users from themselves, especially when a threat is only hypothetical.

    http://developer.apple.com/library/...html#//apple_ref/doc/uid/TP30000897-CH203-TP1
     

Share This Page