
I am struggling to understand the benefit of using iOS keychain to store application passwords, secrets, and keys. It's the recommended way to "handle" this data but I am not seeing the benefit from a security perspective.

First, Apple claims the keychain prevents other applications from accessing the sensitive data in keychain. The application sandbox design already prevents this, so I don't understand why storing in keychain would be necessary. Second, Apple claims the data is stored "encrypted" in the iOS keychain and one can specify lock/access controls for each keychain item. If a user "roots" the device (jailbreaks the phone), there are tools out there that can access the entire data in the iOS keychain, rendering the keychain encryption and access controls useless.

It sounds to me like all the iOS keychain does is add extra overhead; from a security perspective, Apple's application sandboxing and application code signing should be enough to protect sensitive application data. We should be able to simply store sensitive data on an iOS app's file system or in code, and rely on Apple's app sandboxing and code signing. Am I missing something?

AyBayBay
  • Jailbreaking is an extreme scenario which, from a security perspective, breaks most security measures Apple provided, as root access has the possibility to bypass certain security checks. The Keychain is a more secure environment than the file system; it's encrypted by a Secure Enclave key (given the user has PIN protection enabled). When talking security, making something harder to hack gives a higher threshold for people to start messing with the system – Bram Jul 29 '21 at 13:30

2 Answers


One thing you miss is that the stored data will remain in Keychain even if the app is removed, so it can be retrieved in case the user re-installs the app, unlike the data on the application's file system which will be lost when the app is removed.

Arik Segal
  • This is undefined behaviour. There are questions on SO and Apple forums who have problems with this unexpected behaviour – Bram Jul 29 '21 at 13:26

Advanced Persistent Threats (APTs) are often capable of silently breaking out of the sandbox, so you cannot rely on the sandbox to protect any sensitive data.

The keychain, on the other hand, is encrypted by the SEP (Secure Enclave Processor) which, while not infallible, is so much harder to break.

GeoSn0w