7

I'm developing an iPad app that will rely on a very large database of valuable information. I'm not too familiar with the device myself (I don't have a personal iPad, nor have I ever used one outside of developing this app). Users cannot directly see the data in the database through my app anywhere.

Would there be any other way users could get access to the data in my database (perhaps by plugging the device into the computer and going through Xcode or iTunes)? If not, I've been reading up on jailbreaking a little, and I've seen that doing so can allow a user access to the device's filesystem, so would that allow them to see the contents of my database? Or would it be possible by jailbreaking and installing an app to view database files on jailbroken devices (in fact this question would suggest that it could be quite easy to develop a "database reader" app for jailbroken devices)?

GeneralMike
  • 3
    The average iDevice user wouldn't know a database if you shoved it up their nose. A knowledgeable user would be able to easily retrieve the db files and grab anything/everything from the iDevice if they so desired. – Marc B Aug 20 '13 at 19:37
  • 2
    Keep any important database information stored on a database server - not the iPad. Anything stored in a local file/database will be accessible to the iPad user, although you can look into encrypting this information. – Joseph Paetz Aug 20 '13 at 19:39

3 Answers

6

If the database is there, then people can touch it. It's just a matter of being a little more than a power user. They might not be able to read the data from the database if they don't have the credentials to authenticate into it, but then again once you have a database in your hard disk, it's just a matter of patience and knowledge to break into it.

This is a principle that applies to any device and operating system, not just iPad and iOS. If you don't want your users messing up with some file your app uses, you may encrypt it with an obscenely long encryption key. Someone may eventually crack that info... All you can do is ensure that they won't be able to do so before your app is obsolete anyway.

Otherwise, keep your data in a server, where people can't touch it.

Geeky Guy
  • Ahh, that's what I was afraid of. We have the data on a server as well, but one of the requirements of the app is that it has to be 100% functional even if there is no internet access - which is why I've needed to store everything on the device in the first place. I'm not very familiar with encryption, but it looks like that is where I need to start looking. – GeneralMike Aug 20 '13 at 19:56
  • Is the information you need 100% confidential, or just some settings you don't want the user to mess up with? – Geeky Guy Aug 20 '13 at 19:57
  • More on the 100% confidential side. My company has been collecting data important to our industry for around 20 years, and that is the data I need to access. The fear is that a customer will gain access to that data, copy it, and no longer have need for our services, or will turn around and use it as a significant stepping stone to becoming a competitor. – GeneralMike Aug 20 '13 at 20:07
  • I imagine that you store this data in the device to upload it later on to your servers, right? If so, then yes, encryption may be the way to go. Make a pair of asymmetric encryption keys. Keep one on the devices and use it to encrypt the data. Anything encrypted with one key of such a pair can only be decrypted by the other key (i.e.: the same key that encrypts some data will not be able to decrypt it). Don't forget to delete the data from the device ASAP after you've confirmed a successful upload. – Geeky Guy Aug 20 '13 at 20:12
  • If you're really paranoid (or just find these things fun, like I do), you could make sure that the data is being uploaded to the right servers by first receiving a message encrypted with the key that is not stored in the device. Anyone may copy the key in the device and encrypt data with it/decrypt data encrypted with the private key in the servers. But since only you have the private key, only you are able to create a message that the public key in the device can validate. So you have the means to be safe on both sides. – Geeky Guy Aug 20 '13 at 20:15
  • 2
    Have you heard of [Hopper](http://hopperapp.com/)? The problem with storing a database in the app encrypted is that the app must also know how to decrypt it. If the app knows how, so does the hacker. However, if the user can see the data, they can also copy it (even if stored server side). So, maybe it's a hopeless battle. Just use some basic encryption to stop the casual user, and be done with it. – Marcus Adams Aug 20 '13 at 20:20
  • @MarcusAdams that's why I encourage using an asymmetric pair of keys. I think Mike's app doesn't have to know how to decrypt such information, only how to encrypt it. – Geeky Guy Aug 20 '13 at 20:35
  • 1
    @Renan, your comments seem to imply the app is writing to the DB and uploading data, but the question implies that the app is reading from the DB. – Marcus Adams Aug 20 '13 at 20:54
  • @MarcusAdams: I've never heard of Hopper, I'll take a look at it, thank you. I've also been pointed to [SQLCipher](http://sqlcipher.net/). You are correct that my app will need to access the data in the database to run, so I suppose you make a good point that if the app has to do it, a hacker could get it. I don't think there's much concern about really sophisticated attacks - as you mentioned I'm mostly looking for some basic encryption to stop a casual user. Thanks to you and to Renan for all the good feedback. – GeneralMike Aug 21 '13 at 12:51
  • 1
    I agree that this issue exists for most any device/OS. However, I believe it's actually **more** of an issue for iOS, because many developers are left with a false sense of security with the iOS sandbox, and limitations on App Store apps. Jailbreaking takes virtually no technical sophistication these days, and with very simple tools, you can log in to a jailbroken phone, and inspect any file on the filesystem. This is such a simple attack vector, and I believe developers do need to at least protect against it. – Nate Aug 24 '13 at 06:34
2

I am a developer (not a hacker). No matter how hard I try to defend my apps, as soon as the code or database is on the device (encrypted or not), I treat the data as public. If the decryption key is passed to the phone and decrypted on the phone, then consider that data public too. Basically you are screwed. Give up defending your apps and just start building cooler stuff, and use HTTPS when sending data over the internet; that's all I can ask for. Defending your keys, API tokens, high scores, coins, etc. is quite literally impossible. Yes, do a little to try, but your efforts are fruitless. Every day the public hacker tools to see inside locally encrypted databases, locally encrypted apps, and obfuscated apps are getting better and better. You can't beat it. Developers are not smarter than hackers, period. Giving the end user a false sense of security. It's like locking your house, or locking your car: can you stop someone breaking in? Nope. The only way to solve it is to build a big ass bank (aka server), put some tellers at the front desk (aka cloud API), and be done with it.

hamish
0

I'm not an iOS developer, but I do know SQLite. You can encrypt databases in SQLite - look for sqlite3_key_v2() documentation. Your application will need to have the password internally, but you can make it difficult for a hacker to get at that. Don't use a static string as your password - instead take some string and then manipulate it programmatically. This will make it more difficult, though not impossible, for an attacker to recover the key. But it will add an order of magnitude more complexity to get at. The attacker will have to get access to the database file itself, and then will have to reverse engineer your app in order to recover the database password.

Kurt Fitzner
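
An added example, not code from the answer above or from SQLite: one way to avoid shipping the database key as a static string, with a release check that scans a binary image for the literal key. The pad bytes, the sample key and all function names are constructed for illustration; the masking only raises the effort required, because the app still rebuilds the real key in memory before it would hand it to `sqlite3_key_v2()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 16

/* Constructed pad; every byte is >= 0x80 so it never matches printable key text. */
static const uint8_t PAD[KEY_LEN] = {
    0x9e, 0xc4, 0x81, 0xf7, 0xb2, 0xd5, 0x8a, 0xe3,
    0xa6, 0xcf, 0x93, 0xfb, 0x87, 0xdc, 0xb9, 0xe1 };

/* Position-dependent mixing: rotate the pad byte left by 3, fold in the index. */
static uint8_t mix(uint8_t b, size_t i) {
    return (uint8_t)(((b << 3) | (b >> 5)) ^ (i * 29u));
}

/* Build-time step (run off-device): turn the real key into masked bytes to ship. */
void split_key(const uint8_t *key, uint8_t *masked) {
    for (size_t i = 0; i < KEY_LEN; i++) masked[i] = key[i] ^ mix(PAD[i], i);
}

/* Run-time step: rebuild the key in memory; this is what sqlite3_key_v2() gets. */
void join_key(const uint8_t *masked, uint8_t *out) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = masked[i] ^ mix(PAD[i], i);
}

/* Release check: does a binary image contain the key bytes verbatim? */
int image_has_key(const uint8_t *img, size_t len, const uint8_t *key) {
    for (size_t i = 0; i + KEY_LEN <= len; i++)
        if (memcmp(img + i, key, KEY_LEN) == 0) return 1;
    return 0;
}

/* Returns 0 when the static image leaks the key and the split image does not. */
int demo(void) {
    uint8_t key[KEY_LEN], masked[KEY_LEN], rebuilt[KEY_LEN];
    uint8_t static_img[3 * KEY_LEN] = {0}, split_img[2 * KEY_LEN];
    memcpy(key, "constructed-key!", KEY_LEN);      /* constructed sample key */
    split_key(key, masked);
    join_key(masked, rebuilt);
    memcpy(static_img + KEY_LEN, key, KEY_LEN);    /* key stored as a literal */
    memcpy(split_img, masked, KEY_LEN);            /* masked bytes + pad only */
    memcpy(split_img + KEY_LEN, PAD, KEY_LEN);
    if (memcmp(key, rebuilt, KEY_LEN) != 0) return 1;
    if (!image_has_key(static_img, sizeof static_img, key)) return 2;
    if (image_has_key(split_img, sizeof split_img, key)) return 3;
    return 0;
}

int main(void) { printf("demo result: %d\n", demo()); return 0; }
```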