AppSec Blog

What's in Your iOS Image Cache?

Backgrounding and Snapshots


In iOS when an application moves to the background the system takes a screen shot of the application's main window. This screen shot is used to animate transitions when the app is reopened. For example, pressing the home button while using the logon screen of the Chase App results in the following screen shot being saved to the application's Library/Caches/Snapshots/com.chase directory.

Figure 1: Snapshot showing cached information

Example Application


To further illustrate this point take the following profile page from a fictitious bank app which displays sensitive information like the user's account number, balance, and secret question/answer.

Figure 2: Application that utilizes sensitive information


If the user presses the home button while viewing this screen, a snapshot of the window is saved to the application's Snapshots directory. If you run the app in the iOS Simulator, the snapshot is stored in the ~/Library/Application Support/iPhone Simulator/4.2/Applications//Library/Caches/Snapshots/com.yourcompany.MyBank directory.

Hiding Sensitive Data


The iOS Application Programming Guide states that sensitive information should be removed from views before moving to the background. Specifically, it states that when "the applicationDidEnterBackground: method returns, the system takes a picture of your application's user interface...If any views in your interface contain sensitive information, you should hide or modify those views before the applicationDidEnterBackground: method returns."

Fortunately, the code for hiding the sensitive fields in the fictitious "My Bank" application is very straightforward. In the delegate you can simply mark the sensitive fields as hidden:

- (void)applicationDidEnterBackground:(UIApplication *)application {
    // Hide every field that shows sensitive data before this method returns,
    // because the system takes the snapshot right after it does.
    viewController.accountNumberField.hidden = YES;
    viewController.balanceField.hidden = YES;
    viewController.dobField.hidden = YES;
    viewController.maidenNameField.hidden = YES;
    viewController.secretQuestionField.hidden = YES;
    viewController.secretAnswerField.hidden = YES;
}

Of course, you also need to make the fields visible before the app becomes active using the following code in applicationDidBecomeActive:

- (void)applicationDidBecomeActive:(UIApplication *)application {
    // Restore the fields once the app is in the foreground again.
    viewController.accountNumberField.hidden = NO;
    viewController.balanceField.hidden = NO;
    viewController.dobField.hidden = NO;
    viewController.maidenNameField.hidden = NO;
    viewController.secretQuestionField.hidden = NO;
    viewController.secretAnswerField.hidden = NO;
}

Adding this code to the delegate results in the following screen shot (without sensitive data) being taken when the home button is pressed.

Figure 3: Snapshot showing that sensitive data is not displayed (border added for display purposes)
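As an added example that is not code from the original post, the delegate below generalizes the per-field approach shown above: instead of toggling each sensitive field individually, it covers the entire window with an opaque view as soon as the app loses foreground focus and removes the cover when the app becomes active again. The class name MyBankAppDelegate, the window property and the tag value are assumptions; the code uses manual retain/release as was standard for iOS 4-era projects.

```objective-c
// MyBankAppDelegate.m -- added example, not the blog's or Apple's code.
// Class name, window property and tag value are assumptions.
#import <UIKit/UIKit.h>

// Arbitrary tag used to find the cover view again when the app becomes active.
static const NSInteger kSensitiveCoverViewTag = 0x53414E53;

@interface MyBankAppDelegate : NSObject <UIApplicationDelegate>
@property (nonatomic, retain) UIWindow *window;
@end

@implementation MyBankAppDelegate

@synthesize window;

// Covers the whole window with an opaque view so that nothing underneath it
// is visible when the system takes its snapshot. Safe to call more than once.
- (void)coverSensitiveContent {
    UIWindow *keyWindow = self.window;
    if ([keyWindow viewWithTag:kSensitiveCoverViewTag] != nil) {
        return; // already covered
    }
    UIView *cover = [[UIView alloc] initWithFrame:keyWindow.bounds];
    cover.tag = kSensitiveCoverViewTag;
    cover.backgroundColor = [UIColor whiteColor];
    cover.opaque = YES;
    cover.autoresizingMask = UIViewAutoresizingFlexibleWidth |
                             UIViewAutoresizingFlexibleHeight;
    [keyWindow addSubview:cover];
    [cover release];
}

// Removes the cover if present; messaging nil is a no-op in Objective-C.
- (void)uncoverSensitiveContent {
    UIView *cover = [self.window viewWithTag:kSensitiveCoverViewTag];
    [cover removeFromSuperview];
}

// Called when the app loses foreground focus (home button, incoming call).
// When the home button is pressed this runs before applicationDidEnterBackground:,
// so the cover is already in place when the snapshot is taken.
- (void)applicationWillResignActive:(UIApplication *)application {
    [self coverSensitiveContent];
}

// Also cover here so the guide's requirement (sensitive views hidden before this
// method returns) is met even if the resign-active path did not run.
- (void)applicationDidEnterBackground:(UIApplication *)application {
    [self coverSensitiveContent];
}

// Reveal the UI again once the app is back in the foreground.
- (void)applicationDidBecomeActive:(UIApplication *)application {
    [self uncoverSensitiveContent];
}

- (void)dealloc {
    [window release];
    [super dealloc];
}

@end
```

Covering the window rather than enumerating fields means a view added later (a new screen, a new label) is protected without anyone remembering to update the delegate, which is the usual way the per-field approach fails over time. The cover view is plain white so that the cached snapshot contains nothing but a blank frame; a logo or launch image works equally well as long as it is opaque.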

Preventing Backgrounding


Instead of hiding or removing sensitive data you can also prevent backgrounding altogether by setting the "Application does not run in background" property in the application's Info.plist file (this adds the UIApplicationExitsOnSuspend key to the plist). Setting this property results in applicationWillTerminate: being called and prevents the screenshot from being taken at all.


Figure 4: Screenshot showing plist configuration to prevent backgrounding

Summary


Sensitive data can be inadvertently saved when an app moves to the background. Developers should mitigate this by identifying sensitive fields and implementing applicationDidEnterBackground: or by preventing backgrounding altogether.

About


Frank Kim is the curriculum lead for application security at the SANS Institute and the author of DEV541 Secure Coding in Java. If you liked this post check out SANS' new class on Secure iOS App Development.

4 Comments

Posted January 14, 2011 at 5:27 PM | Permalink | Reply

Danny

Do you know the lifespan of the snapshots in the cache library? When are those snapshots deleted?

Posted January 14, 2011 at 9:50 PM | Permalink | Reply

Jeff Kelley

Actually, modifying your Info.plist isn't enough. When you press the Home button, the system takes a screenshot of your app to perform the pinch animation as it returns to the Home screen. In some cases, that image is recoverable, as it's temporarily stored to disk. So, although it does prevent the screenshot from being taken, it's not enough to prevent the data from being recovered.

Posted April 15, 2013 at 6:04 PM | Permalink | Reply

Karen

Very interesting. Starting from your post, I tried Decipher Backup Browser (http://deciphertools.com) to look at some of the backups from my iPhones and iPads on my computer. Sure enough, in Home -> Library -> Caches there is data from Safari with thumbnails of the open webpages, but I didn't see any other screenshots cached in the backup.

Then again, the program also showed the Safari browsing history :) but the screenshots would be bad as well if they had more sensitive data filled in on them.

Posted October 22, 2013 at 11:28 AM | Permalink | Reply

jenneath

How can we prevent verification images from backgrounding?
