I have an iOS app that connects to a server periodically looking for data updates. The connection uses SSL and HTTPBasicAuthentication.
What is the best way to include my servers logon credentials with the app? From my understanding, a jailbroken iPhone could read my build files and easily see the username and password to log into my server.
Thanks,
Mike
There is no way to secure this totally. The best you can do is to obscure it somewhat (perhaps an encrypted file that you decrypt in the app) and then monitor the server for what looks like traffic not from the app.
If you wanted to be sneaky encrypt the authentication data and then use some kind of stenography - embed the credentials in an image, or even as raw data in a file that looks like something else (like an SSH key).
But a jailbroken developer will always be able to hook into your application to see the results of parsing that out, or possibly run an SSH proxy to simply monitor everything you are sending.