
iOS takes a screenshot of App every time it is sent to the background - How would I secure my App?


Every time security of apps comes up, it turns out a lot of people are unaware of this being an issue. For instance, iOS takes a screenshot of the visible screen every time our app gets backgrounded, and it is stored in local storage.

Now that's the thing I want to get rid of. I am developing an app that does online financial transactions and I want my app to be very powerful in terms of security. Here is the path where the screenshot is being stored when my app gets backgrounded.


Path: /private/var/mobile/Applications/15980ADD-B269-4EBE-9F52-B6275AFB195A/Library/Caches/Snapshots/com.ABC.myAppName/screenshotName.PNG


This is the image which is being stored that looks very critical:



An even more critical scenario would be if the user has entered his/her credit/debit card number, including the CVV2 number and other essential information, and might have forced the app into the background for a while.

I have been doing a little searching on that and I got to know that, for an attacker to be able to leverage this attack, there are two ways for him to gain access to that:

  • The attacker needs physical access to the device with the intent of jailbreaking.

  • Needs to be on the same network as a user who has jailbroken the device and attempt to access the device remotely.

What could I have done to avoid this being possible? Is there any solution that can avoid an attacker getting access to the sensitive information in this way?

Also I have gotten advice to enable a blank screenshot or delete the screenshot for the application, when the application is backgrounded. But, I don't have any idea what to choose and how to do it properly. Is there any other alternative?


Solution

  • Apple told us to hide secure info before going to background, so just give it an image to hide everything:

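    // In the app delegate; assumes it declares the ivars
    // UIImageView *_imageView and BOOL needToHide.
    - (void)applicationWillResignActive:(UIApplication *)application
    {
        // Cover the window's contents before the app is backgrounded.
        // The nil check avoids stacking a second cover view if one is already shown.
        if (needToHide && _imageView == nil) {
            // A subview's frame is expressed in the window's own coordinate space.
            _imageView = [[UIImageView alloc] initWithFrame:[self.window bounds]];
            [_imageView setImage:[UIImage imageNamed:@"HideME.png"]];
            [self.window addSubview:_imageView];
        }
    }

    - (void)applicationDidBecomeActive:(UIApplication *)application
    {
        // Remove the cover once the app is in the foreground again.
        if (_imageView != nil) {
            [_imageView removeFromSuperview];
            _imageView = nil;
        }
    }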