Hi. Is there a way to decompile the binary from an iPhone app? I jailbroke my iPhone and was surprised to find other apps' DBs wide open to be copied. So I exported my most important table and hardcoded it into code. Instead of loading the table into an array from a DB, I just generated code to fill the array and kept only the most basic DB info so relationships still work. Took a while but now works fine.

I was just wondering, am I safe? Could someone easily decompile the binary for the app and extract the data? In Java it's easy to decompile *.class files, though that's bytecode, whereas I presume iPhone apps are more low level.

I know iPhone SDK 4 can mark files as secure. Does anyone know whether this can be overridden by jailbreaks, or is this a Unix lock?

+1  A: 

Short of encrypting that data, you are really only protected by people's lack of motivation. If someone with enough motivation wants to look at the data, they can. Even if you encrypt the data, if the key is in, or generated by, your code they can find that too.

drawnonward
A: 

To be honest, Apple couldn't secure a brick. The iPhone has been almost continuously jail-breakable since the beginning. Users (read hackers:) have more control over the device than developers. There is no way that you can truly secure content on the device. If encryption is used, there is nothing keeping the attacker from obtaining the key. (He has control over all libraries and can hook any function call he wants.)

It is common to see developers fall back on Security Through Obscurity, and I'm not going to entertain these ideas. If there is data on the device, a hacker can and will make a copy of it.

Rook
Yes, I renamed all the tables and fields. One table had a lot of GPS data I manually discovered, so I didn't want it copied. I extracted all the data in that table and generated code to fill the NSDictionary the table is stored in, and run this when the app starts. I kept the id field filled in so other relationships still work. If I need a row in the table, I find the id and then look it up in the internal NSDictionary. Seems to be working fine. In my next app I'll definitely add obscufication (so obscure I'm not sure how to spell it :) ) in as part of the design.
clearbrian
A: 

I jailbroke my iPhone and was surprised to find other apps' DBs wide open to be copied.

No. There is nothing wrong with this. It has to be stored somewhere.

So I exported my most important table and hardcoded it into code.

Bad move.

A jailbreak from a privilege domain is a vulnerability in the phone and is not your problem. There is nothing you can do about that, and even encrypting your data will not save you because all privileged code on the phone will be able to access the encryption keys.

In other words:

Code will not normally be hostile and steal your goods. The only reason it would is because the user downloaded bad code onto the phone or a remote exploit took place.

Longpoke
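
The point the answers make about hardcoded tables and in-code keys can be checked on your own build before shipping. The following is an added example, not code from any of the posters: it scans a binary image for printable runs the way strings(1) does and flags coordinate literals and key-like constants. The sample bytes, the names `printable_runs`, `entropy` and `audit`, and the thresholds are all assumptions made for the illustration.

```python
import math
import re

# Constructed sample: bytes laid out like a compiled binary's constant section,
# with NUL-terminated string literals sitting between non-text machine bytes.
SAMPLE_BINARY = (
    b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"
    b"\x00\x90\x1f\xe0\x03\x00\xaa"
    b"poi_table\x00"
    b"53.3498,-6.2603\x00"
    b"51.8985,-8.4756\x00"
    b"\x13\x00\x80\xd2"
    b"k3y-constructed-0123456789abcdef\x00"
    b"\xff\xfe\x00\x01"
)

# "lat,lon" decimal pair as it would appear in a generated table literal.
COORD = re.compile(r"^-?\d{1,3}\.\d+,-?\d{1,3}\.\d+$")


def printable_runs(data, min_len=6):
    """Return (offset, text) for each run of printable ASCII in data."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def entropy(text):
    """Shannon entropy of text in bits per character."""
    counts = {c: text.count(c) for c in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def audit(data):
    """Flag embedded coordinate literals and long high-entropy constants."""
    findings = []
    for offset, text in printable_runs(data):
        if COORD.match(text):
            findings.append((offset, "coordinate", text))
        elif len(text) >= 16 and entropy(text) > 3.5:  # assumed thresholds
            findings.append((offset, "possible-key", text))
    return findings


if __name__ == "__main__":
    for offset, kind, text in audit(SAMPLE_BINARY):
        print(f"0x{offset:04x}  {kind:<12}  {text}")
```

Renaming tables or moving rows into generated code does not change what this scan finds, because the literals still have to exist in the shipped image.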