Can database file be seen in a jailbreak device?
Question
I wonder if a database file in resource directory NSBundle.mainBundle().pathForResource("xxxx", ofType: "db") can it be seen in a jailbreak device?
Some directories and files, such as document and library, can be seen via a program connecting with the jailbreak device. I'm considering if the contents of database file need to be encrypted.
2 answers
solution1
1 ACCPTED 2015-10-29 11:42:43
All app files are available to the user, jailbroken or not, either in the sandbox directories or in the .ipa.
What is not stated in the question is wether the db will be pre-populated during app creation and if so will it be read-only or allow additions/changes. A db in the resource directory is read-only and must be copied to a sandbox directory in order to be written to.
Encryption is an option to increase the work factor, that is make it harder obtain the db contents and discourage the curious by increasing the difficulty to obtain access.
The problem with encryption is that the key needs to be available to the app code and there is no secure way to have it available to the code and not also have it available to a determined and capable attacker. You need to define the attacker and the value of the data.
But as previously stated, increasing the work factor can provide meaningful security. The simplest way is to encrypt the db and place the key in the source code and try to make it non-obvious.
solution2
0 2015-10-29 10:18:04
Since you can access all files on a jailbroken device: yes, a user can see your database on a jailbroken device. But since it's in your bundle, all a user needs to see your file is the IPA.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.