ios security jailbreak

NSFileProtection on Jailbroken device


I need to secure some sensitive data in my app. I would like to use NSFileProtection to do that. I'm wondering, will a user be able to browse files protected with NSFileProtection if he jailbreaks his device? If yes, is there any other way to protect such data against jailbreaking the device?


Solution

  • NSFileProtection does not offer any real protection from code executed on the device with root privileges. Without a pincode you can just open any file. With a pincode, files will not be accessible when the device is locked, but it's easy to intercept the pincode being entered and use it later to programmatically disable protection and open any file at any time. But if the user himself wants to get access then he will not be using a pincode in the first place.

    As to other ways of protection, I don't think you can properly secure anything from a skilled user. There are a couple of ways, but there are always ways around them:

    1. Encrypt the data and store encryption keys locally. The user could find the keys and decrypt everything.
    2. Encrypt the data but store encryption keys on the server side, never cache them anywhere locally. The user could sniff web traffic and get the keys. SSL with certificate pinning will protect you from that. But the user can always patch your app's binary or use hooks to either disable encryption altogether or dump encryption keys.
    3. Don't store anything locally, always access data from the web. Use SSL with certificate pinning to avoid sniffing. But again, binary patches and hooks are still possible.

    So I don't think you can fully secure your data, but you can make protection sufficiently difficult to reverse engineer and disable so that most of the users will not go through it.
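
The following is an added example, not code from the answer above: a sketch of option 2 layered on NSFileProtection, sealing the data with AES-GCM under a key that is only held in memory and writing the ciphertext with the complete protection class. `ProtectedStore` and its error type are hypothetical names, and the key is assumed to arrive from your server over a pinned TLS connection (not shown). As the answer notes, this raises the cost of offline extraction but does not stop hooks running inside the process on a jailbroken device.

```swift
import Foundation
import CryptoKit

enum ProtectedStoreError: Error {
    case sealFailed            // AES-GCM produced no combined representation
    case wrongProtectionClass  // file landed on disk without the expected class
}

/// Hypothetical helper: encrypts before writing and never persists the key.
struct ProtectedStore {
    let url: URL

    /// `key` is assumed to be fetched from the server per session and kept in memory only.
    func save(_ plaintext: Data, using key: SymmetricKey) throws {
        // A fresh random nonce is generated for every call to seal.
        let box = try AES.GCM.seal(plaintext, using: key)
        guard let blob = box.combined else { throw ProtectedStoreError.sealFailed }

        // Ciphertext is written with the class that is unreadable while the device is locked.
        try blob.write(to: url, options: [.atomic, .completeFileProtection])

        #if !targetEnvironment(simulator)
        // Verify the class actually applied; Data Protection is a device feature.
        let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
        guard (attrs[.protectionKey] as? FileProtectionType) == .complete else {
            try? FileManager.default.removeItem(at: url)
            throw ProtectedStoreError.wrongProtectionClass
        }
        #endif
    }

    /// Throws if the file is unreadable (device locked), tampered with, or the key is wrong.
    func load(using key: SymmetricKey) throws -> Data {
        let blob = try Data(contentsOf: url)
        let box = try AES.GCM.SealedBox(combined: blob)
        return try AES.GCM.open(box, using: key)  // authenticates before returning plaintext
    }
}
```

Because GCM is authenticated, `load` also detects a ciphertext that was modified on disk, which file protection alone does not.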