Metadata with sensitive information - Swift

Metadata with sensitive information - Swift

Need

Protection of sensitive information in metadata files

Context

  • Usage of Swift programming language for iOS and macOS app development
  • Usage of UIKit for building modern and responsive user interfaces

Description

Non compliant code

        import UIKit

class ViewController: UIViewController {
    
    var sensitiveData: String = "This is sensitive data"

    override func viewDidLoad() {
        super.viewDidLoad()
        
        let metadata = ["SensitiveData": sensitiveData]
        
        // Save metadata to a public file
        let filePath = NSHomeDirectory() + "/Documents/publicMetadata.plist"
        (metadata as NSDictionary).write(toFile: filePath, atomically: true)
    }
}
        
        

The above Swift code is a simple representation of a UIViewController class in an iOS application. This class contains a variable sensitiveData that holds some sensitive information. In the viewDidLoad() method, this sensitive information is included in a metadata dictionary.

The vulnerability lies in the fact that this metadata dictionary is being saved to a public file named publicMetadata.plist within the application's Documents directory. The information in this directory can be accessed by anyone who can access the device's file system.

In this case, the sensitive data is written directly to the file without any form of encryption or obfuscation, which means anyone who can access the file can read the sensitive information. This is a clear violation of data privacy and security principles, and it exposes the application to potential data breaches.

Steps

  • Avoid storing sensitive data in public metadata files.
  • Identify the sensitive data that needs to be protected.
  • Implement proper data encryption techniques to protect sensitive data.
  • Store sensitive data in secure storage mechanisms such as Keychain or encrypted databases.
  • Ensure that only authorized users or components have access to the sensitive data.
  • Implement access controls and authentication mechanisms to restrict access to sensitive data.
  • Regularly review and update the security measures in place to protect sensitive data.
  • Consider using obfuscation techniques to make it harder for attackers to extract sensitive information from the application's binary.
  • Perform security testing and code reviews to identify and address any potential vulnerabilities.

Compliant code

        import UIKit
import Security

class ViewController: UIViewController {
    
    var sensitiveData: String = "This is sensitive data"

    override func viewDidLoad() {
        super.viewDidLoad()
        
        // Save sensitive data to Keychain
        let keychainQuery: [NSString: NSObject] = [
            kSecClass: kSecClassGenericPassword,
            kSecAttrAccount: "SensitiveData",
            kSecValueData: sensitiveData.data(using: .utf8)! as NSObject,
            kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked
        ]
        
        SecItemAdd(keychainQuery as CFDictionary, nil)
    }
}
        
        

The updated code now stores the sensitive data in the iOS Keychain, which is a secure storage mechanism provided by Apple. The Keychain is encrypted and can only be accessed by the app that created the data, or by apps with the same keychain access group.

The SecItemAdd function is used to add the sensitive data to the Keychain. The kSecClass attribute is set to kSecClassGenericPassword to indicate that the item to be added is a generic password. The kSecAttrAccount attribute is set to the key under which the data will be stored. The kSecValueData attribute is set to the sensitive data that needs to be stored. The kSecAttrAccessible attribute is set to kSecAttrAccessibleWhenUnlocked, which means that the data can only be accessed when the device is unlocked.

This way, the sensitive data is securely stored and is not exposed through public metadata files. The data is also protected from unauthorized access, as it can only be accessed when the device is unlocked and only by the app that created the data or by apps with the same keychain access group.

References