Insecure Data Storage
Insecure Data Storage¶
Sensitive Data Stored without Leveraging iOS Data Protection¶
Overview¶
NSFileProtectionKey:
- NSFileProtectionComplete, NSDataWritingFileProtectionComplete:
The resource is stored in an encrypted format on disk and cannot be read from, or written to, while the device is locked or booting.
Available in iOS 4.0 and later.
- NSFileProtectionCompleteUnlessOpen, NSDataWritingFileProtectionCompleteUnlessOpen:
The resource is stored in an encrypted format on disk. Resources can be created while the device is locked, but once closed, cannot be opened again until the device is unlocked. If the resource is opened when unlocked, you may continue to access the resource normally, even if the user locks the device.
Available in iOS 5.0 and later.
- NSFileProtectionCompleteUntilFirstUserAuthentication, NSDataWritingFileProtectionCompleteUntilFirstUserAuthentication:
The resource is stored in an encrypted format on disk and cannot be accessed until after the device has booted. After the user unlocks the device for the first time, your app can access the resource and continue to access it even if the user subsequently locks the device.
Available in iOS 5.0 and later.
- NSFileProtectionNone, NSDataWritingFileProtectionNone:
The resource has no special protections associated with it. It can be read from, or written to, at any time.
Available in iOS 4.0 and later.
Recommendations¶
Application should not write sensitive data to the filesystem without leveraging the Data Protection APIs
Blackbox¶
Whitebox¶
Search the Codebase for "writeToFile" calls and ensure the Data Protection flag is set with the "NSDataWritingFileProtectionComplete"
Sensitive Data to SQLite databases¶
NSUserDefaults¶
Do not write sensitive data to NSUserDefaults
NSHTTPCookieStorage¶
Do not store authentication tokens in NSHTTPCookieStorage
Application should not use persistent Pasteboard to store sensitive data¶
Plain-text Credentials should not be hard-coded in application source code¶
UIFileSharingEnabled¶
Specifies weather the application shares files with the user through itunes.
When set to Yes this shares files in the {Application_Directory}/Documents/ Folder.
Cache Control¶
HTTP Cache¶
TODO:
Keychain and File Security¶
kSecAttrAccessible¶
-kSecAttrAccessibleAfterFirstUnlock:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.
-kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.
-kSecAttrAccessibleAlways:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.
-kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
The data in the Keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute never migrate to a new device. After a backup is restored to a new device, these items are missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode causes all items in this class to be deleted.
Available in iOS 8.0 and later.
-kSecAttrAccessibleAlwaysThisDeviceOnly:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.
-kSecAttrAccessibleWhenUnlocked:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute migrate to a new device when using encrypted backups.
This is the default value for Keychain items added without explicitly setting an accessibility constant.
Available in iOS 4.0 and later.
-kSecAttrAccessibleWhenUnlockedThisDeviceOnly:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.
Push Notifications¶
Initial connection uses keychain info to make connection to server. Poll is done without the need for keychain.
DidReceiveRemoteNotification()¶
When the app is in the foreground, DidReceiveRemoteNotification() is called, and we can process the notification. We then display an alert dialog.
When the app is in the background (not killed), DidReceiveRemoteNotification() is also called, and we can process the notification. The notification is automatically displayed as a banner.
When the app is killed, DidReceiveRemoteNotification() is not called, so we can not process the notification. However, the notification will be shown as a banner.
Application Functions¶
TODO: