
iOS takes a screenshot of App every time it is sent to the background - How would I secure my App?

Every time security of Apps comes up, it turns out a lot of people are unaware of this being an issue. For instance, iOS takes a screenshot of the visible screen every time our App gets backgrounded, and it is stored in local storage.

Now that's the thing I want to get rid of. I am developing an App that does online financial transactions, and I want my App to be very powerful in terms of security. Here is the path where the screenshot is stored when my App gets backgrounded.


Path: /private/var/mobile/Applications/15980ADD-B269-4EBE-9F52-B6275AFB195A/Library/Caches/Snapshots/com.ABC.myAppName/screenshotName.PNG


This is the image which is being stored that looks very critical:



An even more critical scenario will be if the user has entered his/her credit/debit card number, including the CVV2 number and other essential information, and might have forced the App into the background for a while.

I have been doing a little searching on that, and I got to know that, for an attacker to be able to leverage this attack, there are two ways for him to gain access to that:

  • The attacker needs physical access to the device with the intent of jailbreaking.

  • Needs to be on the same network as a user who has jailbroken the device and attempt to access the device remotely.

What could I have done to avoid this being possible? Is there any solution that can avoid an attacker getting access to the sensitive information in this way?

Also I have gotten advice to enable a blank screenshot or delete the screenshot for the application, when the application is backgrounded. But, I don't have any idea what to choose and how to do it properly. Is there any other alternative?

NSPratik asked Dec 03 '14 07:12



2 Answers

I can suggest a couple of things:

1) You know when your app is about to be put into the background, via the application delegate method:

- (void)applicationDidEnterBackground:(UIApplication *)application

That's the exact moment the snapshot is generated. Why not change your view to be something different or more "secure"?

2) If you want the "secure" (or bogus) snapshot to be ignored when you bring the app back to foreground, you can use "[[UIApplication sharedApplication] ignoreSnapshotOnNextApplicationLaunch]".

3) You can also add "UIApplicationExitsOnSuspend" into your app's Info.plist when putting your app into the background, which will kill your app entirely and not save a snapshot.

Michael Dautermann answered Sep 28 '22 06:09


Apple told us to hide secure info before going to background, so just give it an image to hide everything:

// needToHide and _imageView are instance variables of the app delegate.
- (void)applicationWillResignActive:(UIApplication *)application
{
    if (needToHide) {
        // Cover the whole window with a placeholder image before the snapshot is taken.
        _imageView = [[UIImageView alloc] initWithFrame:[self.window frame]];
        [_imageView setImage:[UIImage imageNamed:@"HideME.png"]];
        [self.window addSubview:_imageView];
    }
}

- (void)applicationDidBecomeActive:(UIApplication *)application
{
    // Remove the cover again once the app is back in the foreground.
    if (_imageView != nil) {
        [_imageView removeFromSuperview];
        _imageView = nil;
    }
}
Horst answered Sep 28 '22 06:09
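
The suggestions from both answers combined into one app delegate, as an added example that is not code from either answerer. It assumes the app delegate receives the lifecycle callbacks (no scene delegate); `privacyCover` and `storedSnapshotPaths` are hypothetical names, and the `Snapshots` folder name is taken from the path in the question, so the debug helper only reports what is found there.

```objective-c
#import <UIKit/UIKit.h>

// Added example. AppDelegate, privacyCover and storedSnapshotPaths are assumed names.
@interface AppDelegate : UIResponder <UIApplicationDelegate>
@property (strong, nonatomic) UIWindow *window;
@property (strong, nonatomic) UIView *privacyCover;
@end

@implementation AppDelegate

// Runs before applicationDidEnterBackground:, so the cover is already
// on screen at the moment the snapshot is generated.
- (void)applicationWillResignActive:(UIApplication *)application
{
    if (self.privacyCover != nil) return;      // already covered
    [self.window endEditing:YES];              // end text entry, dismiss keyboard
    UIView *cover = [[UIView alloc] initWithFrame:self.window.bounds];
    cover.backgroundColor = [UIColor whiteColor];
    cover.autoresizingMask = UIViewAutoresizingFlexibleWidth |
                             UIViewAutoresizingFlexibleHeight;
    [self.window addSubview:cover];
    self.privacyCover = cover;
}

- (void)applicationDidEnterBackground:(UIApplication *)application
{
    // From the first answer: do not reuse the saved snapshot at next launch.
    [application ignoreSnapshotOnNextApplicationLaunch];
}

- (void)applicationDidBecomeActive:(UIApplication *)application
{
    [self.privacyCover removeFromSuperview];   // no-op when nil
    self.privacyCover = nil;
}

#if DEBUG   // assumes the usual DEBUG=1 definition in debug builds
// Test aid: list files under Library/Caches/Snapshots (folder name from the
// question's path) so the stored image can be inspected after backgrounding.
- (NSArray *)storedSnapshotPaths
{
    NSString *caches = NSSearchPathForDirectoriesInDomains(
        NSCachesDirectory, NSUserDomainMask, YES).firstObject;
    NSString *dir = [caches stringByAppendingPathComponent:@"Snapshots"];
    return [[NSFileManager defaultManager] subpathsAtPath:dir] ?: @[];
}
#endif

@end
```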