0

on Android, i can store files into a fairly-protected file by using Context.openfileoutput. it'll save to internal disk that is specific to my app, which isn't accessible to other apps, and the only way to get this is via connecting debugger/rooting device. this isn't 100% hack-proof, but it's good enough.

Is this something that exists on iOS?

i read https://developer.apple.com/library/content/qa/qa1699/_index.html, but is this safe? like i'm guessing it looks something like

NSArray *paths = NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSUserDomainMask, YES);
                           NSString *librariesDirectory = [paths objectAtIndex:0];
                           NSLog(@"%@", librariesDirectory);
                           NSString *filePath = [NSString stringWithFormat:@"%@/%@/%@", librariesDirectory,@"Private", @"internal_image.jpg"];

Would this file be something that

  • other apps can not access
  • does not backup to icloud
  • is easily visible to the app but NOT the end user

?

David T.
  • 22,301
  • 23
  • 71
  • 123
  • 1
    Yes. Actually iOS works like that. Each app has its own sandbox. There are 2 general places you store stuffs - Doc and Temp folder (these two resides in the app sandbox). – GeneCode Jan 19 '17 at 02:22
  • Additional note: While these files are kept "hidden" from normal user, there is no stopping a person seeing these files in a jailbroken device. – GeneCode Jan 19 '17 at 02:23

2 Answers2

1

If you have sensitive information to store then the only really secure place to store it is in the key chain. Obviously you don't want to stick all of your data in the key chain, so instead just store an encryption key there and encrypt your information and store it in the documents directory. If someone accesses the documents directory, such as from an iCloud backup, they will not be able to read contents of the file without decrypting it.

Josh Homann
  • 15,933
  • 3
  • 30
  • 33
0

1) Create a file with your data

2) Generate a high entropy encryption key and encrypt the file

3) Save the encryption key to your server

4) Save the encrypted file to library folder and set the NSURLIsExcludedFromBackupKey flag to true

•) Now the file is in a location that will not get backed up to iCloud, it is not accessible by other apps, it is accessible by the user but is encrypted so there is nothing they can do with it.

Good info on NSURLIsExcludedFromBackupKey: https://stackoverflow.com/questions/27216189/files-disappearing-from-nslibrarydirectory/27309392#27309392

Albert Renshaw
  • 17,282
  • 18
  • 107
  • 195