Tuesday, January 23, 2024
HomeiOS Developmentexpo - Entry to IOS keychain

expo – Entry to IOS keychain


My software makes use of expo SecureStore to retailer secrets and techniques akin to person access_token and refresh_token. SecureStore makes use of ios keychain underneath the hood:

On iOS, values are saved utilizing the keychain companies as
kSecClassGenericPassword. iOS has the extra choice of having the ability
to set the worth’s kSecAttrAccessible attribute, which controls when
the worth is obtainable to be fetched.

I am to know if an attacker (a thief) may learn the secrets and techniques.

For that, I’m contemplating the next assertions to carry true:

  • Utility can solely be put in on iPhones
  • Attacker is aware of sufferer PIN code
  • Attacker has entry to sufferer iCloud
  • iPhone is on the final IOS model and no jailbreak exists for this model
  • secrets and techniques are saved in keychain with kSecAttrAccessible set to kSecAttrAccessibleWhenUnlockedThisDeviceOnly (but in addition to know solutions for kSecAttrAccessibleWhenUnlocked)

Is it doable for an attacker to get well access_token and refresh_token ?



Supply hyperlink

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments