I store some preferences in iCloud with a help of [NSUbiquitousKeyValueStore defaultStore]. Can foreign apps get data from my app cloud using my app cloudURL [[NSFileManager defaultManager] URLForUbiquityContainerIdentifier:nil] or using something else? If yes, how can I protect my data?
As far as I know, every app works in its own sandbox and therefore it is not possible to get data from other (3rd party) apps - it doesn't matter whether they store their stuff in iCloud or on the device.
If you want to provide some data from one of your apps for other apps then you need to provide them on your own server so other apps can download what they need.
But of course the people owning the actual device can access all information stored on the device if they use programs on their computers that allow people to access iPhone's file system.
Related
I am making a mobile app using Cordova and I need to save some sensitive and not so sensitive data inside the phone. I am a bit lost on what is the best way to do it.
I need to save:
A JSON web-token (for authentication).
A response from server (I save this to populate my page in case the GET request fails).
Coordinates information when user is logging data to the app (for later upload to a server from with in the app). These will be many separate logs, and can be large in size for local storage ~5-10 MB.
Till now i have been successfully saving everything I need to the local storage but I don't think that is the correct way to do it. So that is why I need some help in deciding what is the best course to take from security point of view.
Saving server response is just for better UI experience and static in size so I guess local storage is a good option to use.
But web-tokens and GPS logs is sensitive information and I dont want to keep it in the local storage as it is accessible from outside the app.
What other options do I have?
Cordova still doesn't have encrypted storage.
Is saving to files a good approach? This here says that data contained inside cordova.file.applicationStorageDirectory is private to the app.So can I use it to save the logs and the token?
The plugin also lists the file systems for Android and iOS and lists which of those are private.
I am currently working with android phones but want to extend the app to iOS later. I have never worked with file systems and caches before so I am a bit lost.
How does the Dropbox Datastore API differ from similar offerings like Parse? One difference that I see is that my users pay for server storage instead of me. Are there other differences?
Disclaimer: I'm a Dropbox engineer who worked on the Datastore API, and know about the Parse API only indirectly. Weigh my opinion appropriately. Major differences I know of (pro and con):
Dropbox Datastores are free to the developer, and free the user for the first 5MB per-app (after which their Dropbox quota applies). Parse charges developers based on how many API requests they’re making.
Parse has minimal offline support, while Dropbox has full offline operation. With Dropbox, if the developer modifies data while offline, those modifications will be reflected in subsequent queries (with Parse, those changes are not reflected). Dropbox provides on-device query logic (unlike Parse) so that apps can continue to generate the views they need to, even when there’s no Internet available. In addition, Parse does not provide conflict resolution or querying offline.
Parse provides the ability to share data between users, and global data for all users of the app. Dropbox Datastores only support per-user data (for each app) for now (sharing is on the roadmap).
I would also add that:
Parse is full feature of backend of as service. You can find a pretty complete list of the other player in this field: http://en.wikipedia.org/wiki/Backend_as_a_service. They provide feature like:
Data service
User registration/auth
Push notification
Social
The dropbox Datastore APIs is more focusing on data services. (You also got the User part for free too?) Also it works full offline.
The Parse framework can store data that can be ready by any user in the application.
The Dropbox datastore, store data for each user, and you can't accesss data from other user. That's the main difference.
So easy to get lost in this since you have to read between the lines. My take is that with Datastore you are working with objects stored offline locally as json. I'm hoping they will soon release a Xamarin Android component - they released an IOS component last month. Since Xamarin targets both Android and IOS and Winphone, who knows why they made a dedicated IOS DLL for Xamarin but I digress. With Parse, it appears to me their intent is the always-connected-device. Sure you can save queries locally and you can save (save eventually) locally where Parse will push to the server when it is connected. But saving "eventually" and saving queries for offline work is a different design than just saving and letting Parse do it all in the background for you - which it does not unless I have missed something that would make this attractive to me. I cannot see Parse useable for devices that you know will be sometimes-connected, without a lot of code to make this happen and sync.
I'm developing an internal iOS cocoa app, in which multiple devices need to connect and read/write to a data connection. It will be similar to an inventory application.
Would this be best done using a server-side SQLLite communicator or some other kind of server-side data store? Or is there a method i don't know of that multiple devices can share data.
Any help is appreciated. Thanks.
A third-party service possibly worth checking out is Parse.
With Parse, you can add a scalable and powerful backend in minutes and launch a full-featured app in record time without ever worrying about server management. We offer push notifications, social integration, data storage, and the ability to add rich custom logic to your app’s backend with Cloud Code.
Depending upon the complexity and assuming that all devices can be connected to the same icloud account you could utliize icloud for this.
http://www.raywenderlich.com/6015/beginning-icloud-in-ios-5-tutorial-part-1
Is it possible on iOS to access another app's file data? On Android, that seems possible according to following URL.
Sharing files/ installation directory between two apps
No, that is not possible.
All iOS apps are sandboxed (at least on non-jailbroken devices), and while keychain data can be shared (between Apps that share their Bundle Seed ID), doing the same for file-based data is currently not possible.
What you CAN do is pass data to other apps by exchanging them via a server or call a URL scheme that another app has registered. Apple says:
Using a URL-based syntax, you can access data from the Web, as well as
pass information to other installed applications, such as Mail,
iTunes, and YouTube. Your own application can declare a unique URL
scheme, allowing any application to collaborate and share data with
your app.
It depends on what kind of data. In fact, iOS apps may only share keychain data. From Apple's doc :
An app ID has two parts: the team ID followed by the bundle ID search
string. The team ID is a 10-character string generated by Apple. Each
development team is assigned a unique team ID used to identify all
your apps. The team ID allows you to share keychain data between apps.
Apps with the same team ID can share data, such as usernames and
passwords. A bundle ID search string is traditionally a
reverse-domain-name style string. It’s the string you use in Xcode as
the bundle ID.
I've never done this, but there must be many tutorials on how to do this.
It is not possible to access other app's data installed on any Apple device. It is restricted by apple.
Anyways you can try it on JailBreaked devices. These operations are handled by Apple Private API's. Which you cant access in regular devices.
If you get access to them/used in your application, apple will reject your application.
I am hoping to create an iPad app to do the following:
Download data from a user's machine/local server
Encrypt this data and store it securely on the iPad
Provide an API so that others can write specially signed apps that query this API to access the secure data.
Its is the last requirement I am starting to think is "impossible". Does anybody know whether it is possible or not and if not of any solutions?
Thanks
If you want to share data between applications, a good solution is to create a custom clipoard type, and have both applications access it.
You can also write your data in a file, and ask iOS to open that file in another application. This other application will then open and decrypt the contents of this file.