0

I have an iOS app which keeps sync with a database of PDF documents via a RESTful web service. Basically, the app downloads a few PDF's which I am storing to the file system in my app.

I am using the Library/Caches directory.

NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES)

My requirement is to store the files such that the user cannot gain access to them in any way. When I write the file, I am also providing the option: NSDataWritingFileProtectionComplete

[decodedFile writeToFile:newFilePath options:NSDataWritingFileProtectionComplete error:nil];

However, I am still able to access the files through Devices -> Select My App -> Download Container...

I need to configure the app such that the downloaded content cannot be accessed by anything but the app itself. There must be a way to do this, but I have been unable to find anything...?

Jesse
  • 2,674
  • 6
  • 30
  • 47

1 Answers1

0

This is not a solvable problem. If this were a solvable problem, then it would be trivial for Apple to prevent Jailbreaking. They would just write a system validation key in whatever place the user cannot possibly access. The fact that Jailbreaking is possible despite Apple controlling every part of the ecosystem should put in perspective your chances of protecting data that you've written to a user's device from that user.

This has been discussed several times, including thoughts on what you actually can do and what's worth doing (nothing is going to be 100%; nothing is even going to be 90%). You can look over the previous incarnations of this question for more. Secure https encryption for iPhone app to webpage is a good place to start, since it includes links to several of the others.

Community
  • 1
  • 1
Rob Napier
  • 286,113
  • 34
  • 456
  • 610
  • Thanks for the info. I am not concerned with jailbroken instances. I just want to make it more difficult, or even ideally not possible for non-jailbroken instances. I understand that there is always a way, but simply connecting the phone to the mac and going into Xcode and having the capability to download the documents in 2 minutes is unacceptable. There must be a way around this. I will look at the links you provided... – Jesse Mar 22 '16 at 13:39
  • If the goal is to just "make it a little harder" then it's pretty trivial (as opposed to "cannot gain access to them in any way" which is impossible). Encrypt the data with a random key you hide in your app. Anyone strongly motivated with moderate skills will be able to break it, but it will work for the cases you describe. I know a lot of teams use RNCryptor this way. https://github.com/RNCryptor – Rob Napier Mar 22 '16 at 14:05
  • 1
    Actually what I ended up doing is even more trivial...on the server side where the PDF is added, I am adding a password to the document. In the iOS app, I am using that same password to open the document. If anyone were to dump the files, they wouldn't know the password. Problem solved. – Jesse Mar 23 '16 at 15:58