Questions tagged [ios]

iOS is Apple's operating system for the iPhone, iPad and iPod Touch.

iOS is Apple's operating system for the iPhone, iPad and iPod Touch. Questions in this tag should be about:

  • risks in deploying iOS devices and potential countermeasures
  • security features available for iOS app developers
  • secure development of iOS apps

Not to be confused with IOS, the operating system found in Cisco's network hardware.

473 questions
168
votes
6 answers

Apple's open letter - they can't or won't backdoor iOS?

Apple released an open letter to the public outlining their reasons for not complying with the FBI's demands to modify the iPhone's security mechanism. Here's a summary: The FBI has an iPhone in their possession which they would like to access data…
TTT
  • 9,122
  • 4
  • 19
  • 31
67
votes
5 answers

Why is iPhone's internal storage so hard to crack/decrypt?

I’ve heard about a rule in Information Security, that once a hacker has access to your physical machine, then it’s all over. However, there seems to be a big exception to this rule: iPhones. It was all over the news a while back that the CIA (or the…
Melkor
  • 1,285
  • 2
  • 10
  • 12
63
votes
4 answers

Why do mobile devices force user to type password after reboot?

Nowadays, many mobile phones have supported unlocking through fingerprint recognition. However, both iOS and Android require users to enter the password after the device is rebooted, even though an authorized fingerprint is given. My question is:…
nalzok
  • 761
  • 1
  • 6
  • 11
35
votes
4 answers

How do I verify HTTPS connections in Mobile apps?

There are a lot of mobile apps nowadays with payment gateways support. However, unlike desktop browsers, these mobile apps do not show us an 'Address bar' by which we can identify a HTTPS connection. How can I make sure I am making a payment on a…
Adarsh Konchady
  • 453
  • 4
  • 5
30
votes
5 answers

How do location-based apps avoid getting cheated by emulated GPS?

Some apps like Foursquare require the user to "check in" at physical places, in order to gain money benefits. Given that emulated GPS are available for customized versions of Android, it sounds easy to trick such apps. Given the monetary…
Nicolas Raoul
  • 1,276
  • 2
  • 12
  • 17
29
votes
2 answers

Why do web sites show my iPhone using different IP addresses for HTTP and HTTPS (cellular only)?

While testing a recent adtech integration I noticed something I can't explain. The iPhone uses two IP addresses. Seemingly one for HTTP and one for HTTPS. To further confuse things it only happens when the device is not on wifi. Although, the only…
Greg Dean
  • 392
  • 3
  • 7
28
votes
1 answer

iOS Encryption Details

Following on from this question, what resources are available relating to the technical specifics of how apple implement encryption on their iOS 4.x series devices? The Apple marketing material here, states that "iPad offers 256-bit AES encoding…
Rory McCune
  • 60,923
  • 14
  • 136
  • 217
19
votes
1 answer

What unique device fingerprinting information can an iOS8 app collect?

As an addition to this question: What unique fingerprinting information can an iOS7 app collect? What remaining device fingerprinting privacy/security vulnerabilities still exist as of iOS 8? Can 3rd-party apps still access a list of other running…
pseudon
  • 1,420
  • 9
  • 20
16
votes
2 answers

Android L encryption vs. iOS 8 encryption

Recently, the new full-disk encryption system of Apple's iOS 8 operating system has been in the news. And soon after Apple's release, Google announced that they will also enable encryption by default in the upcoming version of their Android…
Jukka Suomela
  • 339
  • 1
  • 2
  • 7
16
votes
2 answers

What unique fingerprinting information can an iOS 10 app collect?

As a follow-on to these questions: What unique fingerprinting information can an iOS7 app collect? What unique device fingerprinting information can an iOS8 app collect? What unique device fingerprinting information can an iOS9 app collect? iOS 10…
pseudon
  • 1,420
  • 9
  • 20
16
votes
8 answers

Keyloggers on Smartphones?

I need to clarify my question. I'm wondering if there are any apps for smartphone that can log each 'keystroke' (i.e. key pressed on touchscreen) that a user does. Performing a google search brings up some links to sites like this and this. These…
Pits
  • 169
  • 1
  • 1
  • 3
15
votes
2 answers

Is Apple's push notification service implementation vulnerable to a MitM attack

Recently(more info) I've spotted a strange message in the logs on my quite recent, fresh installation of OS X Mavericks 10.9.2 Apr 27 15:26:47 Ivans-MacBook-Pro.local apsd[194]: Unrecognized leaf certificate It appears every 15 minutes or so. I've…
Ivan Kovacevic
  • 2,099
  • 5
  • 19
  • 21
15
votes
5 answers

Best practices for securing an iPhone

As this question on voicemail protection got answers veering more to protecting the mobile phone, I thought I should add a specific question on this topic. There is already a question on protecting your Android phone There is a wide range of attacks…
Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
15
votes
4 answers

What measures should be taken when losing an iPad

When losing a tablet that has been used to access email accounts , beside changing the passwords, is there anything more can be done? What are the most common problems that might occur if the iPad was stolen, not just lost. Does iPad have anti-theft…
HSN
  • 1,188
  • 12
  • 23
15
votes
3 answers

Why can't apple simply add the backdoor now and then remove it after the FBI is done?

Summary of the current situation by @TTT Apple released an open letter to the public outlining their reasons for not complying with the FBI's demands to modify the iPhone's security mechanism. Here's a summary: The FBI has an iPhone in their…
noɥʇʎԀʎzɐɹƆ
  • 416
  • 1
  • 3
  • 15
1
2 3
31 32