我可以阻止iOS用户更改日期和时间吗? [英] Can I prevent an iOS user from changing the date and time?
问题描述
我想将托管的iOS设备部署到公司的员工,他们将使用的应用程序将为本地记录的数据加时间戳,然后转发。我需要这些时间戳是正确的,所以我必须阻止用户调整设备上的时间,记录一个值,然后重置日期和时间。日期和时间将被配置为自动来自网络,但设备可能始终没有网络连接(否则我只会在每次记录数据值时读取网络时间)。我没有在Apple Configurator中看到一个选项来阻止更改日期和时间,那么有没有其他方法可以做到这一点?
I want to deploy managed iOS devices to employees of the company, and the app they will use will timestamp data that will be recorded locally, then forwarded. I need those timestamps to be correct, so I must prevent the user from adjusting the time on the device, recording a value, then resetting the date and time. Date and time will be configured to come from the network automatically, but the device may not have network connectivity at all times (otherwise I would just read network time every time a data value is recorded). I haven't seen an option in Apple Configurator to prevent changing the date and time, so is there some other way to do this?
推荐答案
您将无法阻止用户更改时钟或直接按其他评论员发布的方式点击您的API 。这是两个独立的问题,可以通过设置您在设备上控制的本地时间以及生成发送到服务器的散列密钥来解决。
You won't be able to prevent a user either changing their clock or just hitting your API directly as other commentators have posted. These are two separate issues and can be solved by having a local time that you control on the device and by generating a hashed key of what you send to the server.
设备上的本地时间:
要启动,请在启动从服务器发回时间戳的应用时进行API调用;这是你的实际时间。现在将其存储在设备上并运行一个使用电话正常运行时间功能的计时器(不是 mach_absolute_time()或 CACurrentMediaTime() - 当手机处于待机模式时,这些会变得奇怪),并且每秒钟会增加一些实际时间。我写了一篇关于我是如何做到这一点的文章对于我的一个应用程序(请务必阅读关注up 因为原始文章使用 CACurrentMediaTime()但是有一些错误)。您可以定期进行初始API调用(即,如果手机进入后台并再次返回),以确保一切都保持准确,但只要您不重新启动手机,时间应始终正确(应该当您下次打开应用程序以更新时间时提示API调用。)
To start, make an API call when you start the app which sends back a timestamp from the server; this is your 'actual time'. Now store this on the device and run a timer which uses a phone uptime function (not mach_absolute_time() or CACurrentMediaTime() - these get weird when your phone is in standby mode) and a bit of math to increase that actual time every second. I've written an article on how I did this for one of my apps at (be sure to read the follow up as the original article used CACurrentMediaTime() but that has some bugs). You can periodically make that initial API call (i.e. if the phone goes into the background and comes back again) to make sure that everything is staying accurate but the time should always be correct so long as you don't restart the phone (which should prompt an API call when you next open the app to update the time).
保护API:
您现在可以在设备上保证*准确的时间,但您仍有一个问题,即有人可能会错误地将时间发送到您的API(即不是从您的设备)。为了抵消这种情况,我会使用某种形式的salt / hash来发送与OAuth类似的数据。例如,获取您要发送的所有参数,将它们连接在一起并使用只有您知道的盐哈希它们并将该生成的密钥作为额外参数发送。在您的服务器上,您知道正在使用的哈希值和盐,因此您可以重建该密钥并使用已发送的密钥进行检查;如果他们不匹配,有人会尝试使用你的时间戳。
You now have a guaranteed* accurate time on your device but you still have an issue in that somebody could send the wrong time to your API directly (i.e. not from your device). To counteract this, I would use some form of salt/hash with the data you are sending similar to OAuth. For example, take all of the parameters you are sending, join them together and hash them with a salt only you know and send that generated key as an extra parameter. On your server, you know the hash you are using and the salt so you can rebuild that key and check it with the one that was sent; if they don't match, somebody is trying to play with your timestamp.
*警告:技术娴熟的攻击可能会使连接高举,以便任何调用示例。 com / api / timestamp来自他们设置的另一台机器,它返回他们想要的时间,以便给出电话错误的时间作为起始基准。有一些方法可以防止这种情况(混淆,将其与其他数据配对,加密),但这很快就成为一个非常开放的问题,因此最好在其他地方提出。上述和监视器的组合可能是最好的事情。
*Caveat: A skilled attacked could hi-jack the connection so that any calls to example.com/api/timestamp come from a different machine they have set up which returns the time they want so that the phone is given the wrong time as the starting base. There are ways to prevent this (obfuscation, pairing it with other data, encryption) but that becomes a very open-ended question very quickly so best asked elsewhere. A combination of the above plus a monitor to notice weird times might be the best thing.
这篇关于我可以阻止iOS用户更改日期和时间吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
