用户可以访问iOS上的钥匙串吗? [英] Can the user access the keychain on iOS?
问题描述
我们正在考虑在我们的应用中存储一些我们不希望用户能够干预的信息(相当于用户名,密码等)。一个(坏)方法是将它们放在应用程序文件夹中的某个加密文件中,但如果我们这样做,用户就可以使用任何iOS文件系统探索工具并编辑或替换该文件,我们不知道不希望。
We're looking at storing some information (think the equivalent of usernames, passwords, etc) in our app that we don't want the user to be able to meddle with. One (bad) way to do this would be to put them in an encrypted file somewhere in the app's folder, but if we did that the user would be able to take any iOS filesystem exploration tool and edit or replace that file, which we don't want.
如果我们将详细信息存储在钥匙串中,用户是否可以通过任何方式读取或写入这些细节,例如通过运行相当于a的钥匙串文件系统探索工具?或者没有办法在没有运行该应用程序的情况下获取钥匙串中的应用程序信息?
If we stored the details in the keychain, is there any way the user could read or write those details, for example by running the keychain equivalent of a filesystem exploration tool? Or is there no way to get at the app's information in the keychain without running that app?
显然,如果用户攻击我们的应用程序,或者拥有越狱设备,或者某种方式中间人将信息发送到设备等的连接,他们可以访问钥匙串项目。我并不担心这一点 - 只是一个普通的,不受干扰的设备和没有奇怪的应用程序的用户是否可以访问钥匙串中的数据。
Obviously if the user hacks our app, or has a jailbroken device, or somehow man-in-the-middle the connection that sends the information to the device, or etc, they could access the keychain items. I'm not worried about that - just about whether a user with a regular, unhacked device and no weird apps on it could access the data in the keychain.
谢谢你你的帮助。
推荐答案
根据苹果文档:
在OS X中,任何应用程序都可以访问任何钥匙串项目,前提是用户同意,在iOS中,应用程序只能访问自己的钥匙串项目。
Whereas in OS X any application can access any keychain item provided the user gives permission, in iOS an application can access only its own keychain items.
注意:在iPhone上,Keychain权限取决于用于签署应用程序的配置文件。请确保在不同版本的应用程序中始终使用相同的配置文件。
Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.
因此,如果您认为您的设备未被越狱并且钥匙串子系统正常工作,只有您的应用程序(通过其配置文件确定)可以访问自己的钥匙串项目。如果您有不同的应用程序共享相同的配置文件,那么他们都可以访问相同的钥匙串项目。
So, if you assume that your device is not jailbroken and the the keychain subsystem is working properly, only your app (identified through its provisioning profile) can access its own keychain items. If you have different apps sharing the same provisioning profile, then they can all access the same keychain items.
这篇关于用户可以访问iOS上的钥匙串吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
