
I am designing offline features for an app which caches data in offline mode and provides it to users. The app also needs to support the login feature in offline mode.

I see SQLCipher as a better option than Core Data security with File Protection, because the security of the data is ensured only when data protection is enforced on the iOS device.

And I am also afraid of the hardware encryption of iOS due to this incident.

As part of my design for SQLCipher, I have planned the strategy below:

  1. Use SQLCipher for storing the sensitive data.
  2. Make the user's credentials the key for the SQLCipher DB access.
  3. Store the user's credentials in keychain access.

Questions:

  1. Is storing credentials in keychain access a safer option and foolproof? If not, what is the alternative?
  2. Is my understanding of Core Data's security in light of data protection correct?
Charles
RK-
  • Will **never** be possible. If your app has access to a secret, then an attacker has access to the same secret via a debugger. – rook Jul 26 '12 at 15:34
  • How will the hacker have access to a debugger when the app is running? – RK- Jul 30 '12 at 06:30
  • Judging by your profile I can understand it is possible. Any pointers on how it is done..? – RK- Jul 30 '12 at 06:33
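
One way to implement steps 2 and 3 of the strategy in the question, as an added example that is not code from the original post: the database key is derived from the typed password with PBKDF2 and passed to SQLCipher as a raw key, and the keychain holds only a random salt rather than the credentials themselves. The service and account names, the iteration count and the salt-only design are assumptions of this example.

```swift
import Foundation
import CommonCrypto
import Security

// Hypothetical identifiers for this example; not from the original post.
let service = "com.example.offlinecache"
let saltAccount = "sqlcipher-kdf-salt"

func osError(_ status: Int32) -> NSError {
    return NSError(domain: NSOSStatusErrorDomain, code: Int(status))
}

/// Returns the per-install KDF salt from the keychain, creating it on first run.
func loadOrCreateSalt() throws -> Data {
    let base: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                               kSecAttrService as String: service,
                               kSecAttrAccount as String: saltAccount]
    var query = base
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var found: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &found)
    if status == errSecSuccess, let salt = found as? Data { return salt }
    guard status == errSecItemNotFound else { throw osError(status) }

    var bytes = [UInt8](repeating: 0, count: 16)
    let rng = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
    guard rng == errSecSuccess else { throw osError(rng) }
    var add = base
    add[kSecValueData as String] = Data(bytes)
    // Readable only while the device is unlocked; never migrates to another device.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let added = SecItemAdd(add as CFDictionary, nil)
    guard added == errSecSuccess else { throw osError(added) }
    return Data(bytes)
}

/// Derives a 256-bit key from the typed password and formats SQLCipher's raw-key PRAGMA.
func sqlcipherKeyPragma(password: String, salt: Data) throws -> String {
    var key = [UInt8](repeating: 0, count: 32)
    let saltBytes = [UInt8](salt)
    let rc = CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
                                  password, password.utf8.count,
                                  saltBytes, saltBytes.count,
                                  CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
                                  100_000,  // iteration count is an assumption
                                  &key, key.count)
    guard rc == Int32(kCCSuccess) else { throw osError(rc) }
    return "PRAGMA key = \"x'" + key.map { String(format: "%02x", $0) }.joined() + "'\";"
}
```

With this layout, offline login amounts to executing the PRAGMA and running a first query: a wrong password yields a key that cannot decrypt the file, so the query fails.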

0 Answers