Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to protect Digital Content (PDF) inside my iOS app?

Tags:

ios

pdf

drm

This question is mainly about protecting the content inside my iOS app. I intend to make an app that will download a lot of content (mainly PDF files) on user request. Once these PDFs are downloaded, they will be stored locally for easy offline access.

Now, I don't want anyone to get hold of the .ipa file and manage to extract the PDF files. If this is not possible, is it possible that even if they extract the PDFs, they canNOT view it or run them?

I am not sure how to handle this. Any suggestions are appreciated.

An alternative is, I may provide password protected files to the user to download. Store the associated password in a sqlite database. Then when the user opens the PDF from inside the APP, the app will find the password from the database and open it without any prompt to the user to enter the password. Is this possible? How?

Thanks and Regards

like image 315
ssdesign Avatar asked May 31 '12 08:05

ssdesign


3 Answers

Let's assume that you somehow scramble your PDF before putting it on your download server and the app descrambles it before showing it to the user.

In the app you can then perform the following:

  1. Load the scrambled PDF file into an NSData object.
  2. Make an NSMutableData object and descramble your PDF data into that buffer using whatever algorithm you have chosen.
  3. Now you have a usable PDF document in memory but only a scrambled version on disk. If you need to create a CGPDFDocumentRef you can do that by first creating a dataprovider using your descrambled NSMutableData object which is toll-free bridged to CFData by a simple cast

Something like

NSMutableData *data = descrambled PDF;
CFDataRef myPDFData = (CFDataRef)data;
CGDataProviderRef provider = CGDataProviderCreateWithCFData(myPDFData);
CGPDFDocumentRef pdf = CGPDFDocumentCreateWithProvider(provider);

(Credit for that snippet goes to this answer.)

Since the app must be able to descramble the PDF and user has access to both the app and the scrambled PDF file anything you do to prevent them from extracting it will basically amount to security by obscurity. Therefore I wouldn't bother with a complex encryption algorithm. You can probably just do something simple like XOR the data with a secret string hidden in your app binary.

Defeating this approach will require an attacker to disassemble your binary, and if someone is that determined you can't win, as evidenced by the sad state of current video game DRM.

By the way: In the spirit of obscurity you might also want to name your scrambled downloaded PDFs something less obvious than valuabledocument.pdf. But real security it ain't.

Edit to illustrate XOR'ing data:

Feed your scrambled NSData to something like this...

// Fill this out with whatever you want. Use the same string
// and algorithm to scramble the files on the server.
static unsigned char secretString[SECRET_STRING_LENGTH];

- (NSData *)scrambleOrDescrambleData:(NSData*)input
{
    unsigned char *outputBytes = malloc(input.length);
    memcpy(outputBytes, input.bytes, input.length);
    for (int i = 0; i < input.length; i++)
    {
        outputBytes[i] = outputBytes[i] ^ secretString[i % SECRET_STRING_LENGTH];
    }

    NSData *outputData = [[NSData alloc] initWithBytes:outputBytes length:input.length];
    free(outputBytes);

    return outputData;
}

The handy thing about XOR is that doing it twice will give you back your original data, so scrambling and descrambling is the same code.

I am avoiding the term encryption here, because this is really just obfuscating the data to keep it from casual observers.

like image 53
Heiberg Avatar answered Nov 17 '22 08:11

Heiberg


You can protect your files by encrypting them. Look at the apple reference on Protecting Data Using On-Disk Encryption.

like image 3
Vignesh Avatar answered Nov 17 '22 10:11

Vignesh


Take look at this article: http://aptogo.co.uk/2010/07/protecting-resources/

The author details encrypting app bundle resources, and then decrypting the files into memory so only the scrambled version ever resides on disk.

They use a custom NSURLProtocol for encrypting on the fly. Pretty nice summary.

like image 1
Alfie Hanssen Avatar answered Nov 17 '22 10:11

Alfie Hanssen