Inner Data Encryption (iOS)

Vasily Nemkov edited this page Nov 16, 2018 · 27 revisions

Link to the task

Here we can read general info about iOS identifiers

f1()

Instance ID via GGLInstanceID

CODE:

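    // Start the Instance ID service with the default configuration.
    let instanceIDConfig = GGLInstanceIDConfig.default()
    instanceIDConfig?.delegate = self
    GGLInstanceID.sharedInstance().start(with: instanceIDConfig)

    let iidInstance = GGLInstanceID.sharedInstance()

    // Called once the Instance ID has been retrieved (or retrieval has failed).
    let handler: (String?, Error?) -> Void = { (identity, error) in
        if let iid = identity {
            self.instanceIDToken = iid
            // Note: this writes an input of the master key to the device log.
            print("instanceIDToken: \(self.instanceIDToken)")

            // Generate the master key only when the push token is also available.
            DispatchQueue.main.async {
                if !self.devicePushToken.isEmpty {
                    self.generateMasterKey()
                }
            }
        } else {
            print("Instance ID error: \(String(describing: error))")
        }
    }

    iidInstance?.getWithHandler(handler)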

f2()

Identifier for Vendor (IDFV)

Here is Apple Documentation about identifierForVendor.

The value of this property is the same for apps that come from the same vendor running on the same device. A different value is returned for apps on the same device that come from different vendors, and for apps on different devices regardless of vendor.

CODE:

    UIDevice.current.identifierForVendor!.uuidString

f3()

Local password/Fingerprint protection

To improve protection, one can add application-level password/fingerprint protection.

For now we return an empty string.

Keychain Storing

The UID key is an AES 256-bit hardware key, unique to each iPhone. It cannot be read by software. One can also read about the GID key.

Keychain storage is used to secure data with the UID key. Stored data can be marked "...ThisDeviceOnly" to avoid transferring it to another device (emulator/simulator). For example:

    let kSecAttrAccessibleWhenUnlockedThisDeviceOnly: CFString

The data in the keychain item can be accessed only while the device is unlocked by the user.

Always use the most restrictive option that makes sense for your app. For apps running entirely in the foreground, the most secure option is kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly. If your app must access keychain items while running in the background, the most secure option is kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly.

Analyze security of keychain security.

Manual for iOS
