iOS security protection for local files


Let me start with a few off-topic remarks. Many friends have asked me why I don't write about defense, and I do have a little hesitation.
A hacker always imagines how he would have written the code if he were the developer, and from that finds a starting point. Likewise, developers have to imagine what hackers would do in order to take defensive measures. It then becomes a recursive game.
Take jailbreak detection. At first it was enough to check whether Cydia was installed. Hackers said: then I can tamper with things without installing Cydia. Developers said: you must still be using MobileSubstrate, bash or ssh, so I will check whether those tools are installed on the phone. But what is the use? Whatever you check for, I will work around.

When class-dump became popular and function symbols were exposed, developers tried every way to hide their sensitive function code. Hackers also know where class-dump's weak point is, so new search methods arose naturally. In other words, once a defensive measure becomes popular, it is no longer one that makes hackers complain that it is "laborious". Take a small trick introduced earlier: erasing data from memory. Hackers know that developers wipe the data, so they hook memset and read it before the wipe. The developer says: I will write it straight to disk and then delete it! The hacker says: haven't you heard of file recovery?



OK, that is enough rambling. This article covers a defense-related topic: the iOS Data Protection API.

Data Protection API


Files in the file system and items in the keychain are stored encrypted. When the user unlocks the device, the system generates a password key for decryption from the UDID key and the user's password. This key is kept in memory until the device is locked again. Developers can use the Data Protection API to set when files in the file system and items in the keychain should be decrypted.

1) File Protection

    /* Set the protection level for the file at filePath */
    NSDictionary *attributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete
                                                           forKey:NSFileProtectionKey];
    [[NSFileManager defaultManager] setAttributes:attributes
                                     ofItemAtPath:filePath
                                            error:nil];

File protection level attribute list:

    NSFileProtectionNone                                  // file is not protected and can be accessed at any time (default)
    NSFileProtectionComplete                              // file is protected and accessible only while the device is unlocked
    NSFileProtectionCompleteUntilFirstUserAuthentication  // file is protected until the device boots and the user enters the password for the first time
    NSFileProtectionCompleteUnlessOpen                    // file is protected and can be opened only while the device is unlocked, but a file that is already open can still be used and written after the device locks



2) Keychain Protection

    /* Set the keychain protection level */
    /* kSecAttrGeneric and kSecValueData take NSData values, so the strings are encoded first */
    NSDictionary *query = @{(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
                            (__bridge id)kSecAttrGeneric: [@"myitem" dataUsingEncoding:NSUTF8StringEncoding],
                            (__bridge id)kSecAttrAccount: @"username",
                            (__bridge id)kSecValueData: [@"Password" dataUsingEncoding:NSUTF8StringEncoding],
                            (__bridge id)kSecAttrService: [NSBundle mainBundle].bundleIdentifier,
                            (__bridge id)kSecAttrLabel: @"",
                            (__bridge id)kSecAttrDescription: @"",
                            (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlocked};
    OSStatus result = SecItemAdd((__bridge CFDictionaryRef)(query), NULL);

List of keychain protection levels:

    kSecAttrAccessibleWhenUnlocked                    // keychain item is protected and accessible only while the device is unlocked
    kSecAttrAccessibleAfterFirstUnlock                // keychain item is protected until the device boots and the user enters the password for the first time
    kSecAttrAccessibleAlways                          // keychain item is unprotected and can be accessed at any time (default)
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly      // keychain item is protected, accessible only while the device is unlocked, and cannot be transferred to another device
    kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly  // keychain item is protected until the device boots and the user enters the password for the first time, and cannot be transferred to another device
    kSecAttrAccessibleAlwaysThisDeviceOnly            // keychain item is unprotected and can be accessed at any time, but cannot be transferred to another device
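
The keychain snippet above discards the `OSStatus` it gets back. The following is an added example, not code from the original post, that stores an item at a chosen protection level and handles the two statuses that matter in practice: an item that already exists, and a read attempted while the device is locked. `StoreSecret` and `LoadSecret` are hypothetical helper names, and the service and account strings are supplied by the caller.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example: StoreSecret and LoadSecret are hypothetical helpers.
static OSStatus StoreSecret(NSString *service, NSString *account, NSData *secret) {
    // Attributes that identify the item; reused for add, update and lookup.
    NSDictionary *match = @{(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
                            (__bridge id)kSecAttrService: service,
                            (__bridge id)kSecAttrAccount: account};
    id level = (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;

    NSMutableDictionary *add = [match mutableCopy];
    add[(__bridge id)kSecValueData] = secret;
    add[(__bridge id)kSecAttrAccessible] = level;

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (status == errSecDuplicateItem) {
        // The item already exists. Update the data and the protection level
        // together, so an item created earlier with a weaker level is tightened.
        NSDictionary *changes = @{(__bridge id)kSecValueData: secret,
                                  (__bridge id)kSecAttrAccessible: level};
        status = SecItemUpdate((__bridge CFDictionaryRef)match,
                               (__bridge CFDictionaryRef)changes);
    }
    return status;
}

static NSData *LoadSecret(NSString *service, NSString *account, OSStatus *outStatus) {
    NSDictionary *query = @{(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
                            (__bridge id)kSecAttrService: service,
                            (__bridge id)kSecAttrAccount: account,
                            (__bridge id)kSecReturnData: @YES,
                            (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne};
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus != NULL) {
        // errSecItemNotFound: nothing stored under this service/account.
        // errSecInteractionNotAllowed: the item exists but the device is
        // locked, so the protection level currently forbids decrypting it.
        *outStatus = status;
    }
    if (status != errSecSuccess) {
        return nil;
    }
    return (__bridge_transfer NSData *)result;
}
```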



Application examples


Write a string, infoString, to a file and then set the file's protection level through the Data Protection API.

    /* Build the path of the file inside the app's Documents directory */
    NSString *documentsPath = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) firstObject];
    NSString *filePath = [documentsPath stringByAppendingPathComponent:@"DataProtect"];
    /* Write infoString to the file */
    [infoString writeToFile:filePath
                 atomically:YES
                   encoding:NSUTF8StringEncoding
                      error:nil];
    /* Set the file's protection level to NSFileProtectionComplete */
    NSDictionary *attributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete
                                                           forKey:NSFileProtectionKey];
    [[NSFileManager defaultManager] setAttributes:attributes
                                     ofItemAtPath:filePath
                                            error:nil];


Once the device is locked (with a password set), an attempt to read the file with cat is rejected, even on a jailbroken device with root privileges.
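
The application example writes the file first and sets its protection level in a second call, ignoring errors in both. The following is an added example, not code from the original post, that requests the protection level as part of the write and then reads the attribute back to confirm it. `SaveProtectedString` and `LoadProtectedString` are hypothetical helper names.

```objc
#import <Foundation/Foundation.h>

// Added example: SaveProtectedString is a hypothetical helper, not an Apple API.
// Writes text with complete protection requested at creation time, then reads
// the attribute back so a silent failure does not leave the file unprotected.
static BOOL SaveProtectedString(NSString *text, NSString *filePath, NSError **error) {
    NSData *data = [text dataUsingEncoding:NSUTF8StringEncoding];

    // The protection level is requested as part of the write itself, rather
    // than in a second call made after the data is already on disk.
    NSDataWritingOptions options = NSDataWritingAtomic | NSDataWritingFileProtectionComplete;
    if (![data writeToFile:filePath options:options error:error]) {
        return NO;
    }

    // Verify instead of assuming: read NSFileProtectionKey back from the file.
    NSFileManager *fm = [NSFileManager defaultManager];
    NSDictionary *attrs = [fm attributesOfItemAtPath:filePath error:error];
    if (attrs == nil) {
        return NO;
    }
    if (![attrs[NSFileProtectionKey] isEqual:NSFileProtectionComplete]) {
        // Do not keep sensitive data under a weaker level than requested.
        [fm removeItemAtPath:filePath error:NULL];
        if (error != NULL) {
            *error = [NSError errorWithDomain:NSCocoaErrorDomain
                                         code:NSFileWriteUnknownError
                                     userInfo:@{NSFilePathErrorKey: filePath}];
        }
        return NO;
    }
    return YES;
}

// Reads the file back. While the device is locked the read fails and the
// error is passed to the caller, who should retry after unlock rather than
// treat the file as missing or corrupt.
static NSString *LoadProtectedString(NSString *filePath, NSError **error) {
    NSData *data = [NSData dataWithContentsOfFile:filePath options:0 error:error];
    if (data == nil) {
        return nil;
    }
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```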

Note: Reposted from the blog http://www.cnblogs.com/ios8/p/ios-data-protect.html.
