How to protect the iOS application in case of any OS attack(On jail broken devices)

Question

I would like to protect my application data in case of any OS attack or unauthorized access on jail broken iOS devices. Is there any way to detect such threats and protect app data in such cases.

Answer 1

Jailbreaking doesn't really make any difference to the question, you have to assume that someone can get the files.

You can set up file protection so the data is protected, e.g.

NSDictionary*   attr = [NSDictionary dictionaryWithObjectsAndKeys:
    NSFileProtectionComplete, NSFileProtectionKey, nil];
[[NSFileManager defaultManager] setAttributes: attr ofItemAtPath: path error: &error];

Answer 2

Although I agree with what jrturton has said, if you have critical data that you want to protect from rogue apps(not the user), you may try the following:

1) Detect if your app has launced on a jailbroken device. Close the app, delete sensitive data. Refer this this thread.

2)Use third party solutions like one from EnsureIT. They are somewhat helpful in saving critical data stored by an app, from a rogue user/app on a jailbroken device.

3) Try Obfuscating your code. More information on this link.

You may also find something useful from discussion in this thread

Answer 3

If the user has jailbroken their device, then they have given up any expectation of protecting their data. It's not your problem. Do you want to deal with support requests from people who've done this?

Answer 4

No, you can't stop an OS (compromised or not) from reading out your application's memory no matter what. Don't even be fooled into thinking otherwise either, obfuscation/'encrypting' anything that will be decrypted for use on the same compromised device is a red herring and circumventable by definition.

Depending on what exactly your app is supposed to do you might be able to implement something that does that but doesn't have to know any sensitive data in the process though.