Link to this headingInsecure Data Storage

Link to this headingSensitive Data Stored without Leveraging iOS Data Protection

Link to this headingOverview

NSFileProtectionKey:

  • NSFileProtectionComplete, NSDataWritingFileProtectionComplete:
    The resource is stored in an encrypted format on disk and cannot be read from, or written to, while the device is locked or booting.
    Available in iOS 4.0 and later.

  • NSFileProtectionCompleteUnlessOpen, NSDataWritingFileProtectionCompleteUnlessOpen:
    The resource is stored in an encrypted format on disk. Resources can be created while the device is locked, but once closed, cannot be opened again until the device is unlocked. If the resource is opened when unlocked, you may continue to access the resource normally, even if the user locks the device.
    Available in iOS 5.0 and later.

  • NSFileProtectionCompleteUntilFirstUserAuthentication, NSDataWritingFileProtectionCompleteUntilFirstUserAuthentication:
    The resource is stored in an encrypted format on disk and cannot be accessed until after the device has booted. After the user unlocks the device for the first time, your app can access the resource and continue to access it even if the user subsequently locks the device.
    Available in iOS 5.0 and later.

  • NSFileProtectionNone, NSDataWritingFileProtectionNone:
    The resource has no special protections associated with it. It can be read from, or written to, at any time.
    Available in iOS 4.0 and later.

Link to this headingRecommendations

Application should not write sensitive data to the filesystem without leveraging the Data Protection APIs

Link to this headingBlackbox

Link to this headingWhitebox

Search the Codebase for “writeToFile” calls and ensure the Data Protection flag is set with the “NSDataWritingFileProtectionComplete”

Link to this headingSensitive Data to SQLite databases

Link to this headingNSUserDefaults

Do not write sensitive data to NSUserDefaults

Link to this headingNSHTTPCookieStorage

Do not store authentication tokens in NSHTTPCookieStorage

Link to this headingApplication should not use persistent Pasteboard to store sensitive data

Link to this headingPlain-text Credentials should not be hard-coded in application source code

Link to this headingUIFileSharingEnabled

Specifies weather the application shares files with the user through itunes.

When set to Yes this shares files in the {Application_Directory}/Documents/ Folder.

Link to this headingCache Control

Link to this headingHTTP Cache

TODO:

Link to this headingKeychain and File Security

Link to this headingkSecAttrAccessible

-kSecAttrAccessibleAfterFirstUnlock:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAlways:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
The data in the Keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute never migrate to a new device. After a backup is restored to a new device, these items are missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode causes all items in this class to be deleted.
Available in iOS 8.0 and later.

-kSecAttrAccessibleAlwaysThisDeviceOnly:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlocked:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute migrate to a new device when using encrypted backups.
This is the default value for Keychain items added without explicitly setting an accessibility constant.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlockedThisDeviceOnly:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

Link to this headingPush Notifications

How Push Notifications Work

Initial connection uses keychain info to make connection to server. Poll is done without the need for keychain.

Link to this headingDidReceiveRemoteNotification()

When the app is in the foreground, DidReceiveRemoteNotification() is called, and we can process the notification. We then display an alert dialog.

When the app is in the background (not killed), DidReceiveRemoteNotification() is also called, and we can process the notification. The notification is automatically displayed as a banner.

When the app is killed, DidReceiveRemoteNotification() is not called, so we can not process the notification. However, the notification will be shown as a banner.

Link to this headingApplication Functions

TODO: