1

I have some sensitive data in my application that I would like to protect (email password). I have been reading about AES, but you have to use a passcode to encrypt and decrypt the data. If the user gets his hands on my code, he will get the password, be able to decrypt and get my email password; that's what I want to avoid. So I have some questions:

1. What technology should I use for this?

2. If I encrypt the whole application (not only the password string), would Apple be able to decrypt it when I submit my app to them?

3. How does it work when the user installs the application, would the email password still be encrypted?

Thanks in advance!

  • Why do you have to insert this sensitive data into your app? Commented Aug 16, 2011 at 9:51
  • Because I'm sending an email from the app. Commented Aug 16, 2011 at 11:42

2 Answers

2

You can use Keychain on iPhone to store passwords... From Apple: https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

Little tutorial: http://iosdevelopertips.com/core-services/using-keychain-to-store-username-and-password.html

1

Anything that your app decrypts on-device can be decrypted by an attacker as well. Also, there’s no need to include an e-mail (I assume that means SMTP account password) in your app. Just use a web service.

In your app, create the request URL like this:

```objc
// Percent-escape the user-supplied values before placing them in the query string.
NSString *requestURLString = [NSString stringWithFormat:
    @"https://example.com/registration-api/register.php?name=%@&email=%@",
    [name stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding],
    [email stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];
```

Your web service could look something like this:

```php
<?php
// Build the message body from the query parameters the app sends (name, email).
$message = "Name: $_GET[name]\n\nEmail: $_GET[email]";
mail('[email protected]', 'New User Registration', wordwrap($message, 70));
?>
```

6 Comments

Ok. I've never used a web service before. I assume that I put my SMTP account password and username on the net somewhere, and then when the email is gonna be sent I call this, passing the email's topic and message to it. In that way my password won't be in the application anymore? Can you point me in the right direction to accomplish this? Thanks
What I might be looking for is a ProGuard-alike for iPhone.
I don't know of any ready-made web service that accomplishes this. But it's basically just a simple script you put on your web server somewhere and then request it from your app. The script could be written in PHP and use the mail() (depending on your setup) or connect to the SMTP directly.
Solutions like ProGuard provide security through obscurity, and that’s generally a bad idea. The right thing to do in your case is probably the web service approach. But it might help if you described what you're actually trying to do, i.e. what is the purpose of your app and this specific piece of your app?
The purpose is to send register form data to an email account for further checking. The data is being sent from my email to another email using SKPSMTPMessage.
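
A stricter version of the web-service approach discussed above, as an added example that is not part of the original answer or comments: the SMTP credential stays in the server's mail configuration, the recipient is fixed server-side, and the two fields are validated before anything is sent. The POST method, the `RECIPIENT` placeholder address, the `MAX_NAME_LEN` limit and the `build_registration_mail` helper are assumptions made for this example.

```php
<?php
// Added example, not the answerer's code. Assumes POST fields `name` and
// `email` and a server where PHP's mail() is already configured.
declare(strict_types=1);

const RECIPIENT    = 'registrations@example.com'; // placeholder, never taken from the request
const MAX_NAME_LEN = 100;                         // assumed limit for this example

// Returns the mail to send, or null when the input must be rejected.
function build_registration_mail(array $input): ?array
{
    $name  = $input['name']  ?? null;
    $email = $input['email'] ?? null;
    // Reject missing fields and array-valued parameters such as name[]=x.
    if (!is_string($name) || !is_string($email)) {
        return null;
    }
    $name  = trim($name);
    $email = trim($email);
    // No control characters (CR/LF included) and a bounded length.
    if ($name === '' || strlen($name) > MAX_NAME_LEN
        || preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // User input only ever reaches the body, never the headers or recipient.
    $body = "Name: $name\nEmail: $email\n";
    return [
        'to'      => RECIPIENT,
        'subject' => 'New User Registration',
        'body'    => wordwrap($body, 70),
    ];
}

if (PHP_SAPI !== 'cli') {
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit;
    }
    $mail = build_registration_mail($_POST);
    if ($mail === null) {
        http_response_code(400);
        exit;
    }
    $sent = mail($mail['to'], $mail['subject'], $mail['body']);
    http_response_code($sent ? 204 : 500);
}
```

The endpoint is still unauthenticated, so request rate limiting at the web server is needed to keep it from being used to flood the mailbox.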