6. Disclaimer
Hacking of App Store apps is not condoned or encouraged in any way. What you do on your own time
is your responsibility. @sethlaw & nVisium take no responsibility if you use knowledge shared in this
presentation for unsavory acts.
24. Application Anatomy
• Library/…
• Other folders may exist for specific purposes
• Files not exposed to the user
• SyncedPreferences/ - iCloud NSUserDefaults
• Cookies/ - Persistent cookie values
• Application Support/ - Other App files
• FlurryFiles/ - iAd files
• tmp/
• Scratch space
• Can be cleared by iOS when App not running
27. Data Storage
• M2 in OWASP Mobile Top 10
• Anything stored by the App on purpose
• Data at rest on a mobile device
• Majority of “mobile security” issues in the
news.
• Relevant functionality
• Core Data
• NSUserDefaults
• Keychain
• Documents
• Cache
44. Data Storage - Defense
• Property List - Countermeasures
– Don’t store sensitive data using NSUserDefaults
– When ignoring rule #1, encrypt the data
– Use checksums or signatures to validate that
data returned from NSUserDefaults is appropriate
– iOS Keychain
– For quick Keychain conversion, use a library
– https://github.com/matthewpalmer/Locksmith
45. Data Storage - Defense
• Keychain
– Mac OS X/iOS Password Manager
– OS enforces security
– CAREFUL
• Keychain can be accessed by apps running on
jailbroken devices.
• idb
– Don’t assume Keychain is secure.
– Know your Keychain Attributes.
– Layered Security
• The application will be used under the worst possible
conditions, protect for THAT instance.
46. Data Storage - Defense
• Keychain Analysis – know your attributes
Attribute Data is...
kSecAttrAccessibleWhenUnlocked Only accessible when device is unlocked.
kSecAttrAccessibleAfterFirstUnlock Accessible while locked. But if the device is restarted it must
first be unlocked for data to be accessible again.
kSecAttrAccessibleAlways Always accessible.
kSecAttrAccessibleWhenUnlockedThis
DeviceOnly
Only accessible when device is unlocked. Data is not
migrated via backups.
kSecAttrAccessibleAfterFirstUnlockThis
DeviceOnly
Accessible while locked. But if the device is restarted it must
first be unlocked for data to be accessible again. Data is not
migrated via backups.
kSecAttrAccessibleAlwaysThisDeviceO
nly
Always accessible. Data is not migrated via backups.
47. Data Storage - Defense
• Keychain Analysis – know your attributes
Attribute Data is...
kSecAttrAccessibleWhenUnlocked Only accessible when device is unlocked.
kSecAttrAccessibleAfterFirstUnlock Accessible while locked. But if the device is restarted it must
first be unlocked for data to be accessible again.
kSecAttrAccessibleAlways Always accessible.
kSecAttrAccessibleWhenUnlockedThis
DeviceOnly
Only accessible when device is unlocked. Data is not
migrated via backups.
kSecAttrAccessibleAfterFirstUnlockThis
DeviceOnly
Accessible while locked. But if the device is restarted it must
first be unlocked for data to be accessible again. Data is not
migrated via backups.
kSecAttrAccessibleAlwaysThisDeviceO
nly
Always accessible. Data is not migrated via backups.