
Data protection on mobile devices

I'm storing some healthcare data on a mobile phone and I'd like to know what the best system of encryption is, to keep the data secure. It's basically a bunch of model objects that I'm serializing and storing using NSKeyedArchiver / the equivalent on BlackBerry (the name eludes me for now).

Any tips? I don't want to make up security protocols as I go along, but one of the other threads suggested the following approach.

  • Generate a public / private key pair
  • Store the public key
  • Encrypt the private key with a hash of the user's password.
  • Use the public key to encrypt the byte stream.
  • Decrypt the pvt key, keep it in memory, whenever the user logs in, and decrypt the stored data as needed.

Is there a more standard way of doing this?

Thanks,
Teja.

Edit: I appreciate that you're trying to help me, but the things currently being discussed are business-level discussions, over which I have no control. So, rephrasing my question: if you ignore that it's healthcare data and consider it just some confidential data, say a password, how would you go about doing it?

Tejaswi Yerukalapudi asked Feb 26 '23 09:02


1 Answer

There might be an easier way for secure data storage. With iOS 4.0, Apple introduced system-provided encryption of application documents. This means that the OS is responsible for doing all the encryption and decryption in a fairly transparent way.

Applications that work with sensitive user data can now take advantage of the built-in encryption available on some devices to protect that data. When your application designates a particular file as protected, the system stores that file on-disk in an encrypted format. While the device is locked, the contents of the file are inaccessible to both your application and to any potential intruders. However, when the device is unlocked by the user, a decryption key is created to allow your application to access the file.

So only when your app is active, the files can be read back in unencrypted format. But the nice thing is that they are always encrypted on disk. So even if someone jailbreaks the device, or backs it up, the retrieved files are worthless.

This was probably introduced to conform to some specific data security standard that is required. I can't find that anywhere though.

For more info see the iOS 4.0 release notes.

Stefan Arentz answered Mar 06 '23 21:03
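
An added example, not part of the answer above or of Apple's release notes: one way to designate an NSKeyedArchiver archive as a protected file, read the protection class back, and refuse to read while the device is locked. It is written in Swift against the current iOS SDK; the `Record` class, the `StoreError` type and the file name `records.archive` are hypothetical.

```swift
import Foundation
import UIKit

// Hypothetical model object standing in for the question's serialized records.
final class Record: NSObject, NSSecureCoding {
    static var supportsSecureCoding: Bool { true }
    let note: String
    init(note: String) { self.note = note }
    func encode(with coder: NSCoder) { coder.encode(note as NSString, forKey: "note") }
    required init?(coder: NSCoder) {
        guard let n = coder.decodeObject(of: NSString.self, forKey: "note") else { return nil }
        note = n as String
    }
}

enum StoreError: Error { case protectedDataUnavailable }

// Assumed location: Application Support/records.archive inside the app sandbox.
func recordsURL() throws -> URL {
    let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                          in: .userDomainMask, appropriateFor: nil, create: true)
    return dir.appendingPathComponent("records.archive")
}

func save(_ records: [Record]) throws {
    let data = try NSKeyedArchiver.archivedData(withRootObject: records,
                                                requiringSecureCoding: true)
    // .completeFileProtection designates the file as protected: it is stored
    // encrypted and cannot be read while the device is locked.
    try data.write(to: recordsURL(), options: [.atomic, .completeFileProtection])
}

// Reads the protection class back from the file system. Data Protection is
// only enforced on a device that has a passcode set.
func isFullyProtected() throws -> Bool {
    let attrs = try FileManager.default.attributesOfItem(atPath: recordsURL().path)
    return attrs[.protectionKey] as? FileProtectionType == .complete
}

@MainActor
func load() throws -> [Record] {
    // Fail with a distinct error instead of a generic I/O error while locked.
    guard UIApplication.shared.isProtectedDataAvailable else {
        throw StoreError.protectedDataUnavailable
    }
    let data = try Data(contentsOf: recordsURL())
    let obj = try NSKeyedUnarchiver.unarchivedObject(ofClasses: [NSArray.self, Record.self],
                                                     from: data)
    return obj as? [Record] ?? []
}
```

Calling `isFullyProtected()` after `save(_:)` in a debug build on a passcode-protected device confirms that the write option took effect for that file.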