
Erase keychain data if device is jailbroken

Tags: security, ios

Currently I have an application which has a "Remember Me" option for storing the User ID. To store this, I am currently using the Keychain APIs.

But I have a doubt: if by chance the device is stolen and somebody jailbreaks the device, would he be able to get all this data from the keychain?

How to prevent this?

raaz asked Mar 03 '14 05:03



2 Answers

The most important thing when using the KeyChain is to not use kSecAttrAccessibleAlways or kSecAttrAccessibleAlwaysThisDeviceOnly because then data is not encrypted securely (see Apple's documentation). Not using these adds a layer of security to KeyChain data, but still, a strong passcode would be required by the user to protect his data. If the user has no passcode on the device, the data is unprotected. If the user has a 4-digit passcode (the standard), the data is protected very weakly and can be brute forced in minutes.

If you require protection from jailbreak (and other attacks), your best option is to not use the KeyChain, but create an encrypted sensitive data store of your own and require the user to have a secure passcode. Store the data encrypted using a key generated from that passcode.

This could inconvenience your users, so if you wish to provide a grace period between requiring passcode, think of a way to provide a session cookie to the app which is invalidated after a set period of time.

Léo Natan answered Oct 30 '22 18:10
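The accessibility advice in the answer above, shown as an added example that is not part of the original post: it stores the "Remember Me" value with `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` and tightens an item that an earlier build may have saved with a weaker class. The service and account strings and the function names are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service/account names for the "Remember Me" item.
static NSString *const kService = @"com.example.app.remember-me";
static NSString *const kAccount = @"userID";

static NSDictionary *ItemQuery(void) {
    return @{ (__bridge id)kSecClass       : (__bridge id)kSecClassGenericPassword,
              (__bridge id)kSecAttrService : kService,
              (__bridge id)kSecAttrAccount : kAccount };
}

// Save the user ID so it is readable only while the device is unlocked and
// is never restored onto a different device from a backup.
OSStatus SaveUserID(NSString *userID) {
    NSMutableDictionary *attrs = [ItemQuery() mutableCopy];
    attrs[(__bridge id)kSecValueData] = [userID dataUsingEncoding:NSUTF8StringEncoding];
    attrs[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    // Weak setting the answer warns against (do not use):
    //   attrs[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleAlways;

    SecItemDelete((__bridge CFDictionaryRef)ItemQuery());   // replace any old copy
    return SecItemAdd((__bridge CFDictionaryRef)attrs, NULL);
}

// Tighten an item that an earlier app version stored with a weaker class.
OSStatus MigrateUserIDProtection(void) {
    NSMutableDictionary *query = [ItemQuery() mutableCopy];
    query[(__bridge id)kSecReturnAttributes] = @YES;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess) return status;             // includes errSecItemNotFound

    NSDictionary *found = CFBridgingRelease(result);
    id wanted = (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    if ([found[(__bridge id)kSecAttrAccessible] isEqual:wanted]) return errSecSuccess;

    // Only the protection class changes; the stored value is left as it is.
    NSDictionary *change = @{ (__bridge id)kSecAttrAccessible : wanted };
    return SecItemUpdate((__bridge CFDictionaryRef)ItemQuery(),
                         (__bridge CFDictionaryRef)change);
}
```

Run `MigrateUserIDProtection()` while the app is in the foreground, since an item that already carries the stricter class cannot be read while the device is locked.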


To be extra safe I'd add another layer of security on top of everything and make a simple check if the device is jailbroken. If that's the case I'd delete the current KeyChain \ sensitive data.

Something like that:

NSString *filePath = @"/Applications/Cydia.app";
if ([[NSFileManager defaultManager] fileExistsAtPath:filePath])
{
   //Device is jailbroken --> delete KeyChain
}

Or even better:

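// fopen/fclose come from <stdio.h>
FILE *f = fopen("/bin/bash", "r");
BOOL isbash = NO;
if (f != NULL)
{
    //Device is jailbroken --> delete KeyChain
    isbash = YES;
    // Close only a stream that was actually opened; fclose(NULL) is undefined behaviour
    fclose(f);
}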
Segev answered Oct 30 '22 17:10