Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can the user access the keychain on iOS?

Tags:

ios

keychain

We're looking at storing some information (think the equivalent of usernames, passwords, etc) in our app that we don't want the user to be able to meddle with. One (bad) way to do this would be to put them in an encrypted file somewhere in the app's folder, but if we did that the user would be able to take any iOS filesystem exploration tool and edit or replace that file, which we don't want.

If we stored the details in the keychain, is there any way the user could read or write those details, for example by running the keychain equivalent of a filesystem exploration tool? Or is there no way to get at the app's information in the keychain without running that app?

Obviously if the user hacks our app, or has a jailbroken device, or somehow man-in-the-middle the connection that sends the information to the device, or etc, they could access the keychain items. I'm not worried about that - just about whether a user with a regular, unhacked device and no weird apps on it could access the data in the keychain.

Thanks for your help.

like image 676
Colen Avatar asked Dec 30 '13 21:12

Colen


People also ask

Can you view Apple Keychain on iPhone?

Open the Settings app and tap your Apple ID banner at the top of the Settings menu. Tap iCloud. Scroll down the list and select Keychain.

What is iOS Keychain Access?

Keychain Access is a macOS app that stores your passwords and account information, and reduces the number of passwords you have to remember and manage. When you access a website, email account, network server, or other password-protected item, you may be given the option to remember or save the password.

Does Apple Keychain share across devices?

iCloud Keychain can also keep the accounts you use in Mail, Contacts, Calendar, and Messages up to date across all of your iPhone, iPad, and iPod touch devices and Mac computers.


1 Answers

According to Apple docs:

Whereas in OS X any application can access any keychain item provided the user gives permission, in iOS an application can access only its own keychain items.

Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.

So, if you assume that your device is not jailbroken and the the keychain subsystem is working properly, only your app (identified through its provisioning profile) can access its own keychain items. If you have different apps sharing the same provisioning profile, then they can all access the same keychain items.

like image 69
sergio Avatar answered Oct 23 '22 03:10

sergio