Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to store critically sensitive information such as secret, key, token, encryptionKey in iOS application

When we talk about securing iOS application we often forget to secure most critically sensitive information such as secret, key, token, encryptionKey. This information is stored in iOS binary. So none of your server side security protocol will help you.

There are lots of suggestion that we should not store such information in the app but store in the server and get it via SSL secured web service call. But this is not possible for all application. E.g. if my application does not need web service at all.

In iOS app we have following option to store information.

  1. UserDefault: Not appropriate for this case
  2. String Constant: Not appropriate for this case. Can be reverse engineer to retrieve or just use strings command
  3. Secure Database: Store in Secure and encrypted Database. But again have responsibility to secure database username and password.
  4. KeyChain: Best to store critical info. But we cannot save information before installing the app. To store in the keychain, we first need to open the app, read from some source and store in the keychain. Not appropriate for our case either.
  5. Custom Hash String Constant: Not to directly use secret, token, key from service provider (mixpanel, paypal), instead use hash version of that information from custom key. This is also not perfect solution. But add complexity during hacking.

Kindly send some awsome solution to this problem.

like image 919
Rajan Twanabashu Avatar asked Mar 30 '17 07:03

Rajan Twanabashu


People also ask

How do you store sensitive information in your app iOS?

In Order to save our apps sensitive data, we should use Security services provided by Apple. Keychain Services API helps you solve these problems by giving your app a way to store the small amount of user data in an encrypted database called the keychain.

How does iOS store sensitive data?

If you need to store sensitive data, use Keychain Services. Unlike UserDefaults, the data stored in the keychain is automatically encrypted. With the keychain, you don't need to save encryption keys. Every application has its own isolated keychain section that other applications can't access.

How are iOS apps encrypted?

Data protection is an iOS feature that you use to secure your app's files and prevent unauthorized access to them. Data protection is enabled automatically when the user sets an active passcode for the device. You read and write your files normally, but the system encrypts and decrypts your content behind the scenes.


2 Answers

If you don't want to use your own backend then use Apple. You can configure On Demand Resources and keep data file with your key, token, any secret on Apple server. After first download you can write this data to Keychain which is secure enough. I'm guessing networking between iOS and Apple server is also secure enough.

On-Demand Resources Essentials

Accessing and Downloading On-Demand Resources

like image 99
Michał Myśliwiec Avatar answered Oct 12 '22 13:10

Michał Myśliwiec


1) Internet Connection Required

1.1) Push Notifications Great way to have a secure data exchange could be to use (silent) push services from Apple, those use the apns and send data through https - more Details 3.1

1.2) A more or less similar approach is also used when distributing new user certificates to already deployed applications, if a reinstall of the application is no opportunity AND the application requires a working internet connection anyway.

Downside: working network connection required and basically the information is coming to the application, when it is already being executed => seems not to be appropriate for your case. (see step 4)

2) Static data (as there will be no exchange without network connection / communication partner)

Encryption of data with private key being provided in the bundle itself. Whether it is now a string or a hash, which can be reverse engineered with functions you got emebedded in your application. Since iOS9 it is pretty hard to decompile iOS applications and basically you will mainly have a look into the provided header-files. So if you had such a function, string, hash value or whatever, make sure you got it in your .m-file!

But again: if the information is not device or user specific, just a secret across your own micro environment, valid across all devices, you would have to provide the encrypted data AND the decryption method in the same bundle, if there is no update process / information exchange or something else, you can think of.

Good for encryption: iOS System.Security https://developer.apple.com/reference/security or simply openssl

The difference between your described keychain approach is: You got a value, which WILL be encrypted and stored securely. (2) describes the approach to have an encrypted and stored (in bundle) semi secure value, which WILL be decrypted

3) Information exchange

You describe critical data, which was hashed by another instance. Great! - Make sure, relly make sure, the instance you are talking to is really the instance you expect to be (Network Hooking prevention with ssl certificate pinning etc, but even here you might have intruder (men-in-the-middle)). And you will (probably) have a certificate being provided in your application bundle, to ensure the authenticity of the communication server - here you go again, data that is supposed to ensure a secure process between certain instances of your micro environment. Nevertheless, this data is being provided in your application's bundle.

3.1 Secure Information Exchange extended - Silent Push Make use of Apple's servers to exchange your secrets for this purpose. If you just need to exchange small data chunks. I would recommend to use silent push notifications to the user, those do even work without explicit permission from the user. Huge advantage: In case your secrets or keys change, you can inform users as soon as possible about the change. They will likely only need the change, when they receive new data, which should reliably work in most cases. Exception: Data exchange in local networks or via bluetooth, in this case I would recommend to provide a notification to the user to have the requirement to update a local decryption key. Or exchange the key in this format as well. Once again: I am leaking some detailed information about your environment architecture. Downside: You don't know, whether a user just used your app for the first time, until the user "tells" you so. https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/APNSOverview.html#//apple_ref/doc/uid/TP40008194-CH8-SW1

3.1 Secure Information Exchange extended - In App Purchase Use a frree In-App Purchase for the user to get the data to your phone. Good point here: you can provide larger data chunks easily, as this should be an active request by the user, the user does expect certain processing time and should also be aware of the fact to require a working internet connection. Downside: User would have to select this on purpose. Up until then the app would not work accordinly. https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/StoreKitGuide/Introduction.html#//apple_ref/doc/uid/TP40008267

So, it just slightly differs from the approach (2) in its basic idea.

In short: Can you provide additional information, what kind of data you need to encrypt/want to store securely and whether you will have a network exchange or not?

Would need some more information here :-)

I would like to emphasize once again that an application on iOS is not that easy to decrypt anymore, even decompiling would not get everything, you expect it to get. For instance decryption tools like dumpdecrypt were only working properly up until iOS 8.4

like image 30
Lepidopteron Avatar answered Oct 12 '22 12:10

Lepidopteron