Nobody wants to deal with a data leak, but iOS applications can unintentionally leak data. Make sure your data is secure by figuring out where the leaks occur so you can be better prepared.

1. Identifying Data Leaks
in iOS ApplicationS

2. Many iOS applications
unintentionally leak data to
other applications or
adversaries with access to
the filesystem. This typically
occurs when a developer
uses an API that has side
effects the developer is not
aware of and, therefore,
does not take preventative
measures to secure the data.

3. Here we look at some of the ways
a developer using the iOS APIs
may inadvertently leak sensitive
application data.

4. lEAKinG DAtA
in
ApplicAtiOn
lOGS

5. Logging can prove to
be a valuable resource
for debugging during
development. However,
in some cases, it can leak
sensitive or proprietary
information, which is
then cached on the device
until the next reboot.
[20:29:16.6732]
requested restore
behavior: Update
[20:29:16.6743]
requested variant:
Update
[20:29:16.6752]
requested restore
behavior: Update
[20:29:16.6762]
failed to find key
FDRSupport in
variant

6. iDEntiFYinG
pAStEBOARD
lEAKAGE

7. Many developers want to
offer users the ability to
copy and paste data. If
the pasteboard is used to
copy sensitive data,
depending on how it is
implemented, data could
be leaked from the
pasteboard to other
third-party applications.

8. HAnDlinG
ApplicAtiOn
StAtE
tRAnSitiOnS

9. When an application is suspended in the
background (for example, if the user receives
an incoming call), iOS takes a snapshot of the
app and stores it in the application’s cache
directory. When the application is reopened,
the device uses the screenshot to create the
illusion that the application loads instantly.
Any system that can be paired with the device
can access the snapshot.
- (void)applicationDidEnterBackground:
(UIApplication *)application

10. KEYBOARD
cAcHinG

11. iOS customizes the autocorrect feature by caching
input that is typed into the device’s keyboard.
Almost every non-numeric word is cached on the
filesystem in plaintext in the keyboard cache file.
This means that application data you wouldn’t
want to be cached—such as usernames, passwords,
and answers to security questions—could be
inadvertently stored in the keyboard cache.
WQ E R T Y U I O P
password1pass passing

12. Http RESpOnSE
cAcHinG

13. To display a remote website, an
iOS application often uses a
UIWebView to render the
HTML content. Depending on
how the URL loading is
implemented, a UIWebView can
cache server responses to the
local filesystem. When sensitive
content is returned in server
responses, it could potentially
be stored in the cache database.
cfurl_cache_blobdata
cfurl_cache_response
cfurl_cache_receiver_data
cfurl_cache_schema_version

14. The Mobile
Application
Hacker’s
Handbook
by Dominic chell, tyrone Erasmus,
Shaun colley, and Ollie Whitehouse
about iOS application
vulnerabilities and how to
write secure iOS apps in
Find out more