2

Is this a probable security flaw. A user in public (lets say Starbucks) tries to log in to iOS application. He enters user id and password [Password is hidden using xxxxxxxx (not exposed)] and a call comes in or he presses home and the application goes to background. a) Does iOS store an image of current screen b) A malicious hacker with intent takes control of the device. Can he read the password ?

Do we have to clear out sensitive information while going to background

rmaddy
  • 314,917
  • 42
  • 532
  • 579
user1509593
  • 1,025
  • 1
  • 10
  • 20

2 Answers2

1

Clear or obscure the screen prior going to the background. Probably the best is to put a view on top of the entire view or sensitive portion and set it to non-transparent prior to going into the background.

As for the malicious hacker, you are safe unless the iOS device is "jail broken". In the case of a "jail broken" there will be copies of the sensitive data in memory, NSString does not have a secure version thus the old data is still in memory until overwritten by other data.

File a bug report with Apple for both of these issues (I have), the more the better.

zaph
  • 111,848
  • 21
  • 189
  • 228
1

Most financial apps (like paypal, BofA) which seeks security in such case address this issue by adding a view or blur'ing the active view when app applicationDidEnterBackground and restore the original state when applicationWillEnterForeground of UIApplicationDelegate.

Here is another linked question.

Community
  • 1
  • 1
Ashok
  • 6,224
  • 2
  • 37
  • 55
  • Is there anyway, that the solution can handle both orientations – user1509593 Nov 05 '13 at 23:39
  • Wait a minute. Ypu provided a way to hide the screen. A collegue asked me, why cannot the person with malicious intent click on the icon and get the same information if the app has not timed out by the time he got hold of device. I guess the answer is dont allow the app to run in background, if security is priority – user1509593 Nov 06 '13 at 02:07
  • Yes, if security of any/user info in app is paramount importance and the complete app has sensitive info then that option (prohibit app from running in background) can be taken up. But, in general, I would suggest __selectively remove sensitive information from views before moving to the background__ for better user experience. Most apps does so. – Ashok Nov 06 '13 at 12:34