
I'm developing an app that uses the PhoneGap framework, and therefore is just a plain web-app that uses HTML5. As with many web-apps, my customer also wants data available when the device is offline. For those situations, I want to store data in the local store of the browser.

However, the customer also wants the data to be encrypted, so in case of a device loss no sensitive data gets into wrong hands. My current research brought up 2 possible approaches:

1) Encrypt any data using a JS encryption framework before storing in the local store. Since my app requires a user login, I could use the user password to derive encryption keys (user password is stored in the iOS keychain)

2) Use iOS' data protection mechanisms https://www.apple.com/business/docs/iOS_Security_Guide.pdf

For 2), is it correct that enabling data protection in the developer portal (App IDs section) does not actually encrypt anything, but rather enables the possibility to encrypt specific files using the appropriate NSData or NSFileManager operations? Or can the whole sandbox be encrypted (including browser local store!) by enabling data protection on the App ID/provisioning profile level?

Is there any other recommended approach to secure the stored data in the browser's local store?

iwasrobbed
user826955
  • Derive the key from the user's password (using a proper KDF and a salt). Require the user to enter the password when starting the application. But obviously that's only secure if the user's password is strong. – CodesInChaos Apr 11 '13 at 13:49

1 Answer


The first option works cross-device.

Two solid JS Encryption frameworks I found in my research are

Whatever you do, make sure the possible data used for deriving an encryption key (password in your example) is stored safely.

Andrea M
  • Using iOS' keychain should be safe, right? I found code examples that additionally encrypt passwords before storing in the keychain. Is this necessary? I thought the point of the keychain already *is* to have a secure location to store sensitive stuff ... ? Also, can someone enlighten me on 2) above please? – user826955 Apr 15 '13 at 08:32
  • Quoting the Mac Developer Library: "A keychain is an encrypted container that holds passwords for multiple applications and secure services. Keychains are secure storage containers, which means that when the keychain is locked, no one can access its protected contents." So there is no need to additionally encrypt passwords, unless you are very paranoid ;) source: https://developer.apple.com/library/mac/#documentation/security/Conceptual/keychainServConcepts/02concepts/concepts.html#//apple_ref/doc/uid/TP30000897-CH204-TP9 – Andrea M Apr 16 '13 at 07:52
  • Ah thanks for the info. 2) is still unclear to me however. Can the app sandbox be globally encrypted (incl. browser local store) by enabling data protection in the provisioning profile? – user826955 Apr 16 '13 at 09:56
  • I see, take a look at this question, as it addresses some of your concerns: http://stackoverflow.com/questions/4595955/protecting-the-app-sandbox – Andrea M Apr 16 '13 at 12:17
  • Unfortunately this page does not explain what the provisioning profile option does. – user826955 Apr 22 '13 at 13:38
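
Option 1 from the question, combined with the KDF-and-salt advice in the first comment, as an added example that is not part of the original posts: a password-derived AES-GCM key encrypts each record before it reaches the local store. It assumes the WebView exposes the Web Crypto API; the function names, the `__kdf_salt` slot and the iteration count are hypothetical choices made for this sketch.

```javascript
// Added example. Assumes Web Crypto (crypto.subtle) in the WebView; the require
// fallback only matters when running under older Node.js for testing.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const SALT_SLOT = '__kdf_salt';     // hypothetical storage key for the KDF salt
const PBKDF2_ITERATIONS = 600000;   // assumption: tune for the slowest target device

const toB64 = (buf) => btoa(Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(''));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Run once after login: derive a non-extractable AES-256-GCM key from the
// password. The random salt is not secret and is created on first use.
async function unlock(storage, password) {
  let salt = storage.getItem(SALT_SLOT);
  if (salt === null) {
    salt = toB64(wc.getRandomValues(new Uint8Array(16)));
    storage.setItem(SALT_SLOT, salt);
  }
  const material = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt: fromB64(salt), iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt a JSON-serialisable value. The record name is bound in as
// additional authenticated data so a ciphertext cannot be moved to another name.
async function putEncrypted(storage, key, name, value) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV for every write
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(name) },
    key, enc.encode(JSON.stringify(value)));
  storage.setItem(name, JSON.stringify({ iv: toB64(iv), ct: toB64(ct) }));
}

// Returns the stored value, or null if absent. Rejects when the password was
// wrong or the record was modified (the GCM tag check fails).
async function getEncrypted(storage, key, name) {
  const raw = storage.getItem(name);
  if (raw === null) return null;
  const { iv, ct } = JSON.parse(raw);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64(iv), additionalData: enc.encode(name) },
    key, fromB64(ct));
  return JSON.parse(dec.decode(pt));
}
```

In the app, pass `window.localStorage` as `storage` and keep the returned key in memory only, so a lost device holds nothing but the salt and ciphertext.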