how to encrypt iphone application

Question

I have some sensitive data in my application that i would like to protect (email password). I have been reading about AES but you have to use a passcode to encrypt and decrypt the data. If the user gets his hands on my code, he will get the password, be able to decrypt and get my email password, that's what i want to avoid. So i have some questions:

1. What technology should i use for this?

2. If i encrypt the whole application (not only the password string) would Apple be able to decrypt it when i submit my app to them.

3. How does it works when the user installs the application, would the email password still be encrypted?

Thanks in advance!

Answer 1

You can use Keychain on iPhone to store passwords... From apple: https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

Little tutorial: http://iosdevelopertips.com/core-services/using-keychain-to-store-username-and-password.html

Answer 2

Anything that your app decrypts on-device can be decrypted by an attacker as well. Also, there’s no need to include an e-mail (I assume that means SMTP account password) in your app. Just use a web service.

In your app, create the request URL like this:

NSString *requestURLString = [NSString stringWithFormat:@"https://example.com/registration-api/register.php?name=%@&email=%@", [name stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding], [email stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];

Your web service could look something like this:

<?php
    $message = "Name: $_GET[name]\n\n$_GET[message]";
    mail('registrations@example.com', 'New User Registration', wordwrap($message, 70));
?>