How can I protect my iOS app against tools like iFunbox

Question

I have an iOS app in which I download files to local storage. I've done the following to keep these local files secure: - Store them outside the documents folder (I use the library folder) - Use complete file encryption

But today I came across iFunbox. This is a tool that enables you to browse the filesystem of your iOS device without a jailbreak! What I noticed that if the device is unlocked I can browse all the files in the sandbox. Fortunately when the device is locked the files become inaccessible.

What I was wondering if there is anything I can do to further protect these files when the device itself is unlocked? So how can I protect my files from tools like iFunbox?

Answer 1

This filesystem browsing utilities will only work when your device is unlocked, what you can do to greatly improve the security is to require the passcode protection for the devices running the app. That could be done for internal corporate applications where the data is extremely valuable, I believe it must be approved by Apple as well.

To find out if the passcode is set you will check the protection attributes of a dummy file created by you at allowed place: https://stackoverflow.com/a/6192536/792677

Then if the passcode is not set you can show the notification that the application requires it. I'm sure you could set device to require to enter the passcode by private API with the help of Apple engineers, but it would be private information anyway, right ?

The general advice will be to use a strong encryption and to perform the passcode check showing some security alert notifying the user his data is in danger if it isn't set.