0

I'm using Titanium.App.Properties to store user highly confidential data. So is it safe to store values here. Is it possible jailbreak iPhone's to leak this values. Is this values encrypted or stored as plain text?

Thanks in Advance.

aleks
  • 106
  • 2
  • 10
  • If your interested in this question why not support the Area 51 proposal for a [jail-breaking Stack Exchange site](http://area51.stackexchange.com/proposals/18154/ios-jailbreaking-development?referrer=EuWVi6IpN0_KzzEhC7I-Qw2) – Richard Stelling Jan 02 '12 at 14:25

2 Answers2

2

Here is an update to this old question:

From Titanium 3.X docs:

As of Release 3.2.0, any application properties defined in the tiapp.xml file are stored in the device's secure storage, making them read-only. Additionally, external access to these properties is now restricted. Other iOS applications cannot access these properties and native Android modules must use the Titanium module API TiApplication.getAppProperties method to access these properties.

If you need to change the values during runtime, initially create the property with these APIs rather than defining them in the tiapp.xml file.

Prior to Release 3.2.0, application properties defined in the tiapp.xml file could be overwritten by these APIs and accessed externally by other applications and modules.

So, the answer to the question is:

  • If using SDK version 3.2.0 and above; Titanium.App.Properties is secure enough to store sensitive app-related data:
    • For storing constant values (cannot be changed at run-time); use tiapp.xml file. e.g. <property name="app.google.api.key" type="string">key_here</property>
    • To get and set values dynamically at run-time, use Titanium.App.Properties.
  • You can also use this module for securely storing and reading app or user related data.
    See this example code that defines security levels of each operation.
Onur Yıldırım
  • 32,327
  • 12
  • 84
  • 98
  • would you happen to know what does "device's secure storage" mean? would it be readable on a jailbroken system? I would like to use the tiapp as a configurator for my app, but I'm worried that the content of the tiapp is somehow readable and can be used to hack the logic. – Alberto M Jun 01 '16 at 13:22
0

Titanium.App.Properties are stored in a simple .plist file. It is in a compressed (encoded) XML file. So not encrypted, but also not technically in plain text (although any .plist reader, including the Mac itself, can present it in plain text.

Source: http://developer.appcelerator.com/question/130050/titaniumappproperties-is-it-safe

JackPoint
  • 4,031
  • 1
  • 30
  • 42