
Is this secure for serialized data in App with NSCoding?


Here is the thing: there is some sensitive data which is stored on the device using NSCoding serialization.

I'd like to know: is there a way other people can find the key and unarchive the serialized object file to get the data?

Thanks for help.

It is not safe to store sensitive data just using NSCoding. The NSCoded values are not encrypted in any way - you don't even need to know the keys - you can just look at a stored file directly and easily see the values if they are strings.

Sensitive data (particularly API access keys that provide privileged access to back-end web services or financial information) ideally should not be kept on the client device at all. Even when encrypted. In the extreme case, a black hat who has your app installed on their device can mount a man-in-the-middle attack and snoop on your internet traffic with your server. Instead you should use a device-specific token approach if concerned about security so you can revoke a token if necessary without affecting other users.

If really concerned, you should look at two factor authentication in addition to the token.

Here is an intro for further reading.
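
The point made in the answer above (archived values are readable without knowing the coder keys), shown as an added example that is not part of the original question or answer. It is an audit check you can run over files your own app writes; the `Credentials` class, its field names and the sample values are constructed, and the archive is built by hand in Python to mimic the binary property list layout that NSKeyedArchiver produces.

```python
import plistlib
from plistlib import UID

def build_sample_archive() -> bytes:
    """Constructed sample: a binary plist laid out like an NSKeyedArchiver file."""
    archive = {
        "$archiver": "NSKeyedArchiver",
        "$version": 100000,
        "$top": {"root": UID(1)},
        "$objects": [
            "$null",
            # The coder keys ("apiToken", "accountEmail") sit in the file itself.
            {"$class": UID(4), "apiToken": UID(2), "accountEmail": UID(3)},
            "CONSTRUCTED-TOKEN-0000",
            "user@example.invalid",
            {"$classname": "Credentials", "$classes": ["Credentials", "NSObject"]},
        ],
    }
    return plistlib.dumps(archive, fmt=plistlib.FMT_BINARY)

def recover_fields(blob: bytes) -> dict:
    """Return {"Class.key": value} for every scalar field, using only the file."""
    try:
        plist = plistlib.loads(blob)
    except Exception:
        return {}  # not a property list at all
    if not isinstance(plist, dict) or plist.get("$archiver") != "NSKeyedArchiver":
        return {}
    objects = plist.get("$objects", [])
    found = {}
    for obj in objects:
        if not isinstance(obj, dict) or "$class" not in obj:
            continue
        class_name = objects[obj["$class"].data]["$classname"]
        for key, ref in obj.items():
            if key == "$class":
                continue
            # UID entries are indexes into $objects; follow them to the value.
            value = objects[ref.data] if isinstance(ref, UID) else ref
            if isinstance(value, (str, int, float, bool, bytes)):
                found[f"{class_name}.{key}"] = value
    return found

if __name__ == "__main__":
    blob = build_sample_archive()
    # ASCII strings are stored as raw bytes, so they show up in a hex dump too.
    print("token visible in raw bytes:", b"CONSTRUCTED-TOKEN-0000" in blob)
    for name, value in recover_fields(blob).items():
        print(name, "=", value)
```

Any field this reports for a file in your app's container is stored in the clear, keys included.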

