Every time the security of Apps comes up, it turns out a lot of people are unaware of this being an issue. For instance, iOS takes a screenshot of the visible screen every time our App gets backgrounded, and it is stored in local storage.
Now that's the thing I want to get rid of. I am developing an App that does online financial transactions and I want my App to be very powerful in terms of security. Here is the path where the screenshot is stored when my App gets backgrounded.
Path: /private/var/mobile/Applications/15980ADD-B269-4EBE-9F52-B6275AFB195A/Library/Caches/Snapshots/com.ABC.myAppName/screenshotName.PNG
This is the image which is being stored that looks very critical:
I have been doing a little search on that and I got to know that, for an attacker to be able to leverage this attack, there are two ways for him to gain access to that:
The attacker needs physical access to the device with the intent of jailbreaking.
Needs to be on the same network as a user who has jailbroken the device and attempt to access the device remotely.
What could I have done to avoid this being possible? Is there any solution that can avoid an attacker getting access to the sensitive information in this way?
Also I have gotten advice to enable a blank screenshot or delete the screenshot for the application, when the application is backgrounded. But, I don't have any idea what to choose and how to do it properly. Is there any other alternative?
Answers and suggestions for this question will surely help me. I appreciate your advice.
Thanks in advance !!!
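One way to implement the blank-screenshot option mentioned in the question, as an added example that is not part of the original post. It assumes an app-delegate lifecycle (no UIScene manifest) with a single `window`; the names `privacyCover` and `installPrivacyCover` are hypothetical.

```swift
import UIKit

// Added example. Assumes the classic app-delegate lifecycle, where `window`
// is the app's single window. `privacyCover` is a hypothetical name.
@main
class AppDelegate: UIResponder, UIApplicationDelegate {
    var window: UIWindow?
    private var privacyCover: UIView?

    // Called before the app switcher appears and before backgrounding,
    // so the switcher card is covered as well.
    func applicationWillResignActive(_ application: UIApplication) {
        installPrivacyCover()
    }

    // iOS captures the snapshot after this method returns, so the cover
    // must already be in the view hierarchy at this point.
    func applicationDidEnterBackground(_ application: UIApplication) {
        installPrivacyCover()
    }

    // Remove the cover once the user is back in the app.
    func applicationDidBecomeActive(_ application: UIApplication) {
        privacyCover?.removeFromSuperview()
        privacyCover = nil
    }

    private func installPrivacyCover() {
        // Idempotent: both lifecycle callbacks above may fire in sequence.
        guard privacyCover == nil, let window = window else { return }

        // The keyboard is drawn in a separate system window, so dismiss it
        // rather than relying on the cover to hide typed input.
        window.endEditing(true)

        let cover = UIView(frame: window.bounds)
        cover.backgroundColor = .white
        cover.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        window.addSubview(cover) // topmost subview hides the app's content
        privacyCover = cover
    }
}
```

The snapshot file is still written under `Library/Caches/Snapshots`, but it then contains only the blank cover instead of the transaction screen.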