Edward

Reputation: 7424

Do users have access to the Documents directory in an iOS sandbox?

I'm saving data that keeps track of a user's virtual purchases inside the Documents directory of the app's sandbox. For obvious reasons I don't want the user to have access to this file or be able to manipulate it.

Is this the proper directory for storing these files? If not, where can I store files that cannot be accessed by the user?

I did find this link from Apple that suggests that data such as this should be stored in the Library directory. It doesn't seem to say if it's secure from users accessing it though.

Upvotes: 0

Views: 1266

Answers (2)

Vadim Popov

Reputation: 1217

I'm not an iOS security expert; however, I can share my experience of working with users' data on iOS. Any corrections/remarks are appreciated.

Generally speaking, the best recommendation would be to store important user data remotely (i.e. having a server backend or using iCloud) with an SSL-protected connection. However, if you are forced to store data locally for some reason, here are some recommendations:

1) Do not ever save important data in the Documents directory or in NSUserDefaults as is. It's pretty easily accessible to the user even on non-jailbroken devices. For instance, you can check iExplorer: as far as I remember, it does the trick.

2) If you really need to store some data locally, whatever your choice is: Documents folder, UserDefaults or CoreData, you have to encrypt it. Algorithm choice is up to you, but it's better to use some iOS built-in solution for it.

3) The data encryption assumes having a key for your app to decrypt it. The best place to store your key is the Keychain. Probably, that is the only place where you can store keys and other stuff like the user's authorization data with no worries of it being stolen from the outside.

Eventually, after all these steps your user's encrypted data can still be accessible by the user. One won't be able to read it unless it is encrypted, but having access to their own keychain and some skill, an advanced user can finally get the original data. Moreover, it can still be damaged. So, in terms of saving data from being damaged or removed, you still need to store backups or the data itself somewhere remotely.

Upvotes: 1

JAL

Reputation: 42459

You should treat data in the Documents directory as public. Anyone with an iOS device hooked up to a computer via USB using a tool such as iExplorer or iFunBox can view the contents of your application's Documents and Caches directories. For safety, consider using the keychain (if applicable), or a web service which validates the receipt (shared secret, user information, etc.) to make sure that the user actually purchased the product, and isn't trying to spoof a transaction.

Upvotes: 0
