0

And what, if any, controls do users (or MDM profiles) have to mitigate each?

I'm not an Apple developer, so I'm not particularly familiar how the features, protocols, etc., inter-relate. Examples:

  • NSHomeDirectory()
  • Core Data
  • CloudKit
  • iCloud key-value, document, or Core Data storage
  • Keychain
  • iCloud Keychain
  • iCloud Backup

I'm particularly concerned about data an app may save that will outlive app (or app group) deletion, and be accessible to apps from that app group that may be (re-)installed later, creating a potential security / privacy vulnerability.

Can someone please describe the relevant features, the kinds of data that can be stored, and the degree of persistence (e.g., persistent across reboot, persistent across a passcode change, persistent across an app deletion, persistent across deletion of all apps in a group, persistent across "Reset Network Settings", persistent across device erase and subsequent restore, etc.)?

pseudon
  • 225
  • 1
  • 10
  • this really looks like an iOS programmer's question, not a security question – schroeder Sep 17 '16 at 22:31
  • Why did this question get downvotes? Is it unclear? It is a very timely question to get to the root of one of the most significant privacy (and security) vulnerabilities that users have by using iOS apps. You can make very assertive privacy settings on your device and take other precautions, but persistent data and device fingerprinting can still potentially track you and correlate your activities across apps, across devices, and even between online and offline activities and also prevent you from completely purging forever an app's access to your information. – pseudon Sep 25 '16 at 22:20

0 Answers0