Users have requested a "lock" on my iPhone app, which makes good sense as it contains private information. I believe encryption of the data goes above and beyond what people expect on a phone, so my goal is simply to prevent unintended access to the app. My plan is to use keychain to store the password using my app name as the ServiceName.

My concern is what happens for users if they lose/forget the password they typed in. Is there something I can do programmatically to allow a user reset? Would deleting the app delete the keychain for the app?

I don't want to collect user emails. (Well I do, but I don't want this to be the justification.) And I don't want the user to be permanently locked out of the app if they've lost the password.

+1  A: 

The usual approach here is to collect a set of security questions and answers in addition to the (shorter, quicker) password or PIN. If the user forgets her password, she should hopefully remember the answers to her longer, more mnemonic security questions.

You can store both in the app's keychain.

Kaelin Colclasure
I don't believe this is an appropriate model for my case as the typical easy-to-remember query/responses are the same that someone with access to a person's phone might already know (since they're likely to be a parent, child, sibling, spouse, etc.). At least I can't currently think of an easy, appropriate question that would prevent access from my brother, for example.
A: 

On the iPhone there is just a single keychain database, and there is no possibility to add a custom, application-specific keychain (as you can do on a Mac instead). By default, the keychain items you add to the keychain in your app are only available to your app. There is no documentation (to the best of my knowledge) stating the behavior occurring when the user deletes your app: maybe iOS 4.1 deletes the app keychain items, maybe it does leave them in the keychain.

Depending on how you stored the user's password, you may be able to retrieve it. For instance, if you stored a tag related to your application along with the user's password in a kSecAttrApplicationTag, then you may search for your exact tag in the keychain using the

OSStatus SecItemCopyMatching (
   CFDictionaryRef query,
   CFTypeRef *result
);

function. If the search is successful, then you may retrieve the password from the returned dictionary using the kSecValueData key or, if you prefer, you can even change it using

OSStatus SecItemUpdate (
   CFDictionaryRef query,
   CFDictionaryRef attributesToUpdate
);

For additional information, see the keychain reference and the Keychain Services Tasks for iOS documentation.

unforgiven
Agreed, my app can retrieve the password from the keychain. What are the conditions under which I would/should? I can make some hidden combination of key strokes that I tell the user when they contact me. I can have the app email the password, but there's no security there but my judgment. I am lost at how to reasonably prevent users from potentially being permanently locked out of the app.
The only condition you should verify is that the user asking for the password is actually the legitimate owner of the app. A possible solution is to allow the user to enter the password at most 3 times. After 3 wrong passwords, you lock the application and ask the user to unlock it through In App Purchase. To buy the unlock feature, the user must demonstrate that he/she knows the password tied to the AppStore account. This provides evidence that the user is the legal owner of your app (someone may have stolen his/her account credentials but you cannot cope with every possible situation).
unforgiven
After purchasing the unblock feature, the user may be shown in clear the password you recover from the keychain, or a dialog asking him/her to change the password: in this case you simply update the keychain item with the new password. Paying for this service, say at tier 0, seems reasonable to me.
unforgiven
I hadn't realized I could lock an app. This all makes sense. Thank you for your help.
Yes, you may decide to lock some features and to unlock them through In App Purchase. In your case this makes sense owing to the fact that your users, once informed, will probably react responsibly, trying to avoid losing their password. And, even if they actually lose it, they will be able to recover it through your paid service, which in turn also provides a "good" degree of authentication.
unforgiven
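
The keychain calls discussed in this thread, as an added example that is not code from any of the posters: it stores one lock secret as a generic-password item keyed by service name (the asker's plan, rather than the kSecAttrApplicationTag lookup in the answer), reads it back with SecItemCopyMatching, and replaces it with SecItemUpdate. The service and account strings and the function names are assumptions made for the illustration.

```swift
import Foundation
import Security

// Hypothetical identifiers, chosen for this example only.
let lockService = "com.example.MyApp.lock"
let lockAccount = "app-lock"

enum KeychainError: Error { case status(OSStatus) }

// Attributes that identify the single lock item in the keychain.
func baseQuery() -> [String: Any] {
    return [kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: lockService,
            kSecAttrAccount as String: lockAccount]
}

// Returns the stored secret, or nil when no item has been saved yet.
// With only kSecReturnData set, the result is the data itself, not a dictionary.
func readLockSecret() throws -> Data? {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    return result as? Data
}

// Replaces the value with SecItemUpdate; creates the item if it does not exist.
func writeLockSecret(_ secret: Data) throws {
    let changes: [String: Any] = [kSecValueData as String: secret]
    var status = SecItemUpdate(baseQuery() as CFDictionary, changes as CFDictionary)
    if status == errSecItemNotFound {
        var item = baseQuery()
        item[kSecValueData as String] = secret
        // Readable only while the device is unlocked; not copied to other devices.
        item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        status = SecItemAdd(item as CFDictionary, nil)
    }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// Removes the item, for example after an owner-verified reset.
func deleteLockSecret() throws {
    let status = SecItemDelete(baseQuery() as CFDictionary)
    guard status == errSecSuccess || status == errSecItemNotFound else {
        throw KeychainError.status(status)
    }
}
```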