This question is mainly about protecting the content inside my iOS app. I intend to make an app that will download a lot of content (mainly PDF files) on user request. Once these PDFs are downloaded, they will be stored locally for easy offline access.
Now, I don't want anyone to get hold of the .ipa file and manage to extract the PDF files. If this is not possible, is it possible that even if they extract the PDFs, they cannot view or run them?
I am not sure how to handle this. Any suggestions are appreciated.
An alternative is that I may provide password-protected files to the user to download and store the associated password in a SQLite database. Then when the user opens the PDF from inside the app, the app will find the password from the database and open it without any prompt to the user to enter the password. Is this possible? How?
Thanks and Regards
Let's assume that you somehow scramble your PDF before putting it on your download server and the app descrambles it before showing it to the user.
In the app you can then perform the following:
NSData object.
NSMutableData object and descramble your PDF data into that buffer using whatever algorithm you have chosen.
CGPDFDocumentRef you can do that by first creating a data provider using your descrambled NSMutableData object which is toll-free bridged to CFData by a simple cast
Something like
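// descrambledPDF stands for the NSMutableData you descrambled above.
NSMutableData *data = descrambledPDF;
// Toll-free bridged cast (__bridge is required under ARC).
CFDataRef myPDFData = (__bridge CFDataRef)data;
CGDataProviderRef provider = CGDataProviderCreateWithCFData(myPDFData);
CGPDFDocumentRef pdf = CGPDFDocumentCreateWithProvider(provider);
// The document retains the provider; release our reference.
CGDataProviderRelease(provider);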
(Credit for that snippet goes to this answer.)
Since the app must be able to descramble the PDF and the user has access to both the app and the scrambled PDF file, anything you do to prevent them from extracting it will basically amount to security by obscurity. Therefore I wouldn't bother with a complex encryption algorithm. You can probably just do something simple like XOR the data with a secret string hidden in your app binary.
Defeating this approach will require an attacker to disassemble your binary, and if someone is that determined you can't win, as evidenced by the sad state of current video game DRM.
By the way: In the spirit of obscurity you might also want to name your scrambled downloaded PDFs something less obvious than valuabledocument.pdf. But real security it ain't.
Edit to illustrate XOR'ing data:
Feed your scrambled NSData to something like this...
// Length of secretString; 16 is only a placeholder value.
#define SECRET_STRING_LENGTH 16

// Fill this out with whatever you want. Use the same string
// and algorithm to scramble the files on the server.
static unsigned char secretString[SECRET_STRING_LENGTH];

// XOR each byte with the repeating secret; running it twice restores the input.
- (NSData *)scrambleOrDescrambleData:(NSData *)input
{
    unsigned char *outputBytes = malloc(input.length);
    if (outputBytes == NULL) {
        return nil;
    }
    memcpy(outputBytes, input.bytes, input.length);
    // NSUInteger matches the type of input.length.
    for (NSUInteger i = 0; i < input.length; i++)
    {
        outputBytes[i] = outputBytes[i] ^ secretString[i % SECRET_STRING_LENGTH];
    }
    NSData *outputData = [[NSData alloc] initWithBytes:outputBytes length:input.length];
    free(outputBytes);
    return outputData;
}
The handy thing about XOR is that doing it twice will give you back your original data, so scrambling and descrambling is the same code.
I am avoiding the term encryption here, because this is really just obfuscating the data to keep it from casual observers.
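The answer above says to use the same string and algorithm to scramble the files on the server; the following is an added example of such a server-side tool, not code from the original answer. It processes a file in chunks and carries the key position across chunk boundaries so its output matches the app's one-pass `i % SECRET_STRING_LENGTH` loop. The names `xor_ctx`, `xor_update` and `xor_file` and the key bytes are assumptions made for this example, and like the app code this is obfuscation, not encryption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder key; it must match the app's secretString byte for byte. */
static const unsigned char SECRET[] = "replace-with-app-secret";
#define SECRET_LEN (sizeof(SECRET) - 1)

/* Running position in the key, so chunked and one-shot XOR give the same bytes. */
typedef struct { size_t pos; } xor_ctx;
/* XOR buf in place, continuing from where the previous chunk stopped. */
static void xor_update(xor_ctx *ctx, unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        buf[i] ^= SECRET[ctx->pos];
        ctx->pos = (ctx->pos + 1) % SECRET_LEN;
    }
}

/* Scramble (or descramble) in_path into out_path; returns 0 on success, -1 on I/O error. */
static int xor_file(const char *in_path, const char *out_path)
{
    unsigned char chunk[4096];
    xor_ctx ctx = {0};
    size_t n;
    int rc = 0;
    FILE *in = fopen(in_path, "rb");
    FILE *out = in ? fopen(out_path, "wb") : NULL;
    if (!in || !out) {
        if (in) fclose(in);
        return -1;
    }
    while ((n = fread(chunk, 1, sizeof chunk, in)) > 0) {
        xor_update(&ctx, chunk, n);
        if (fwrite(chunk, 1, n, out) != n) { rc = -1; break; }
    }
    if (ferror(in)) rc = -1;
    fclose(in);
    if (fclose(out) != 0) rc = -1;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <input> <output>\n", argv[0]);
        return 2;
    }
    return xor_file(argv[1], argv[2]) == 0 ? 0 : 1;
}
```

Running the tool on its own output restores the original file, so the same binary serves for spot-checking what the server publishes.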
You can protect your files by encrypting them. Look at the Apple reference on Protecting Data Using On-Disk Encryption.
Take a look at this article: http://aptogo.co.uk/2010/07/protecting-resources/
The author details encrypting app bundle resources, and then decrypting the files into memory so only the scrambled version ever resides on disk.
They use a custom NSURLProtocol for encrypting on the fly. Pretty nice summary.