Security of app's storage area on iOS and Android

I understand there are 3 directories the app has access to: TMP, CACHE, DOCUMENTS.

The RESOURCES directory is read-only (being the app bundle itself).

If I want to store sensitive information that should persist for the lifetime of the app on that device - where should I place it?

I am thinking something like a cryptographic key.

If the app is uninstalled, the data should be removed.

The data should persist as long as the app is installed on the device.

It should NOT be possible to back up the data - either by Apple/Google, any third party, or by the user.

It should NOT be possible to view the data - either by Apple/Google, a third party, or the user.

Do any of the 3 provided directories satisfy this requirement?

If you want to be able to save and load files, I’d say go for the Document folder. That’s the place we’ve gone every time with our projects.

However, be aware that it is not secure and anyone with a little know-how can get to the files in the folder. If you store parts of a public key there (and then use some rules to create the rest of the key in app) and use it to encrypt the rest of the data that you’ve stored in the Documents folder, like we do in our projects, then you can consider your data to be sufficiently safe.

I don’t think that it is possible to store data to a location where no one but you (and your app) can get to it.

I would go a little further and say your only choice is system.DocumentsDirectory if you intend to write to/update the file. There is no guarantee that system.TemporaryDirectory or system.CachesDirectory won’t have files removed if space gets low. They are not guaranteed to persist. The system.ResourceDirectory is read-only and you cannot update files there.

If the app is removed, the sandbox files are also removed. You can set a flag on the file to prevent an individual file in system.DocumentsDirectory from being backed up. The default on iOS is to back up system.DocumentsDirectory to iCloud if the user enables iCloud backups. I believe Android has a similar feature.

What you cannot control is access to that folder from outside the app. Anyone can jailbreak or root their device. Once that happens the idea behind the sandbox being a hidden, protected environment goes out the door. For iOS, you used to be able to use iTunes and a tethered device to be able to add and fetch files from the documents directory to the attached computer. iTunes doesn’t have any app support anymore, but I believe the same can be done from Xcode. Android likely has a similar facility.

Now there is the system.ApplicationSupportDirectory which, while you won’t prevent jailbroken/rooted devices from getting to it, is probably a bit more protected from facilities that allow legit copying from the sandbox.

Rob
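
The per-file backup flag mentioned in the reply above, as an added example that is not part of the original thread: it writes a file to system.DocumentsDirectory, clears the iCloud backup flag with native.setSync, and reads the flag back before reporting success. The helper name writeNoBackup, the file name and the sample contents are assumptions; the flag exists on Apple platforms only and does not stop reads on a jailbroken device.

```lua
-- Added example (not from the thread). Runs inside a Corona/Solar2D app.
-- Hypothetical helper: write `contents` to system.DocumentsDirectory and
-- exclude that one file from iCloud backup.
local function writeNoBackup( filename, contents )
    local path = system.pathForFile( filename, system.DocumentsDirectory )
    local file, openErr = io.open( path, "wb" )
    if not file then
        return false, "open failed: " .. tostring( openErr )
    end
    file:write( contents )
    file:close()

    -- The per-file backup flag only exists on Apple platforms.
    local platform = system.getInfo( "platform" )
    if platform ~= "ios" and platform ~= "macos" then
        return true, "written; no per-file backup flag on " .. tostring( platform )
    end

    -- The flag is an attribute of the file, so set it once the file exists.
    local ok, setErr = native.setSync( filename, { iCloudBackup = false } )
    if not ok then
        os.remove( path )  -- do not leave a file behind that would be backed up
        return false, "setSync failed: " .. tostring( setErr )
    end

    -- Read the flag back instead of trusting the call above.
    local backedUp = native.getSync( filename, { key = "iCloudBackup" } )
    if backedUp ~= false then
        os.remove( path )
        return false, "backup flag still set"
    end
    return true, "written and excluded from backup"
end

-- Constructed sample value, not real key material.
local ok, msg = writeNoBackup( "app.key", "constructed-sample-value" )
print( ok, msg )
```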
