Application Security on Apple iOS Mobile Devices - dummies

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Mobile device application developers use the sandboxing capability of Apple iOS to ensure the security of user data and to ensure that their applications don’t share data with other apps installed on the user’s device. Each app has access to its own files, preferences, and network resources.

Recent versions of iOS have also added the capability to encrypt application data so that sensitive data such as usernames, passwords, or credit card numbers can’t be accessed easily from the file system.

The sandbox forms and maintains a private environment of data and information for each app. A sandbox limits the damage that a potential hacker can do to an Apple iOS device, but it cannot prevent an attack from happening. Although Apple has built robust sandboxing features into Apple iOS, it’s up to the app developers to ensure that their apps are written securely.

When an app is installed on a mobile device, the system creates a unique folder for it, much like you would do on a regular computer. The path to the app’s home directory looks like this: /ApplicationRoot/ApplicationID/

The ApplicationRoot folder is where all apps are installed. The ApplicationID is a unique name for each app, and distinctly identifies the app to set it apart from other apps. Each app stores user data and configurations within this folder.

Application directories and separation on an Apple iOS device.

Protecting files on Apple iOS devices

On Apple iOS devices, certain files marked by the app developers can even be encrypted when the device is locked. Doing so requires the encryption capability of the device to be enabled and configured. Once that’s done, certain types of content can be protected automatically when the device is locked. When the files are locked, not even the app can access their contents.

This feature also extends the protection that shields a particular app’s data from another app. Note, however, that this is an optional feature; not all apps need to encrypt files on the file system. A file only gets encrypted if the app developer designates it for automatic protection. Even so, this is a useful feature for app developers, especially if they hold sensitive information on the device (such as the user’s username, password, or other credentials).
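As an added illustration (not code from the original article or from Apple), here is one way a developer could designate a file for protection while the device is locked, confirm that the protection was actually applied, and refuse to read it when the device is locked. The ProtectedStore type, its error cases, and the file name passed to it are hypothetical; the example assumes a device with a passcode set.

```swift
import Foundation
import UIKit

enum ProtectedStoreError: Error {
    case deviceLocked                        // protected files are unreadable right now
    case notProtected(FileProtectionType?)   // protection was not applied as requested
}

/// Hypothetical helper (not an Apple API): keeps one sensitive blob inside the app's sandbox.
struct ProtectedStore {
    let url: URL

    init(fileName: String) throws {
        // Application Support directory inside this app's own home directory.
        let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                              in: .userDomainMask,
                                              appropriateFor: nil,
                                              create: true)
        url = dir.appendingPathComponent(fileName)
    }

    /// Writes the data and designates the file for protection while the device is locked.
    func save(_ secret: Data) throws {
        try secret.write(to: url, options: [.atomic, .completeFileProtection])

        // Read the attribute back and fail closed if the file is not protected,
        // for example because device encryption is not enabled and configured.
        let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
        let level = attrs[.protectionKey] as? FileProtectionType
        guard level == .complete else {
            try? FileManager.default.removeItem(at: url)
            throw ProtectedStoreError.notProtected(level)
        }
    }

    /// Reads the data only while the device is unlocked; when it is locked,
    /// not even this app can access the file's contents.
    @MainActor
    func load() throws -> Data {
        guard UIApplication.shared.isProtectedDataAvailable else {
            throw ProtectedStoreError.deviceLocked
        }
        return try Data(contentsOf: url)
    }
}
```

A caller would create the store once, for example with try ProtectedStore(fileName: "session.dat") (a constructed file name), and treat deviceLocked as a signal to retry after the user unlocks the device.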

Sandboxing your apps on Apple iOS devices

If you’re in the process of buying apps — whether for your company’s employees or for yourself — you’d be well advised to check each app’s security capabilities. As noted earlier, some capabilities (such as file encryption) are optional and used at the discretion of the app developer. Therefore, it’s worth asking those app developers about the security capabilities of the apps.

If you’re considering writing apps for iOS, the native capabilities of iOS allow you to build security within the app itself. For more information about how to develop security within your app, consult the Apple iOS developer documentation.

If you want to deploy corporate apps for your employees’ Apple iOS devices, look for Mobile Device Management capabilities that will enable you to set policies governing the use of third-party apps on those devices.