AppSec Blog

What's in Your iOS Image Cache?

Backgrounding and Snapshots

In iOS, when an application moves to the background, the system takes a screenshot of the application's main window. This screenshot is written to disk and used to animate the transition when the app is reopened. For example, pressing the home button while on the logon screen of the Chase app results in the following screenshot being saved to the application's Library/Caches/Snapshots/ directory.

Figure 1: Snapshot showing cached information

Example Application

To further illustrate this point, take the following profile page from a fictitious bank app, which displays sensitive information such as the user's account number, balance, and secret question and answer.

Figure 2: Application that utilizes sensitive information

If the user presses the home button while viewing this screen, a snapshot of the window is saved to the application's Snapshots directory. If you run this code in the iOS Simulator, the snapshot is stored in the ~/Library/Application Support/iPhone Simulator/4.2/Applications//Library/Caches/Snapshots/com.yourcompany.MyBank directory. Inspecting that directory after pressing the home button is a quick way to check whether a given screen leaks data, both before and after a fix.

Hiding Sensitive Data

The iOS Application Programming Guide states that sensitive information should be removed from views before moving to the background. Specifically, it states that when "the applicationDidEnterBackground: method returns, the system takes a picture of your application's user interface...If any views in your interface contain sensitive information, you should hide or modify those views before the applicationDidEnterBackground: method returns."

Fortunately, the code for hiding the sensitive fields in the fictitious "My Bank" application is straightforward. In the application delegate you can simply mark the sensitive fields as hidden before the method returns:

    // The system snapshots the window after this method returns,
    // so every sensitive field must be hidden before then.
    - (void)applicationDidEnterBackground:(UIApplication *)application {
        viewController.accountNumberField.hidden = YES;
        viewController.balanceField.hidden = YES;
        viewController.dobField.hidden = YES;
        viewController.maidenNameField.hidden = YES;
        viewController.secretQuestionField.hidden = YES;
        viewController.secretAnswerField.hidden = YES;
    }

Of course, you also need to make the fields visible again when the app returns to the foreground. The following code does that in applicationDidBecomeActive:, which is called once the app is active again (applicationWillEnterForeground: would work as well):

    // Restore the fields once the app is active again.
    - (void)applicationDidBecomeActive:(UIApplication *)application {
        viewController.accountNumberField.hidden = NO;
        viewController.balanceField.hidden = NO;
        viewController.dobField.hidden = NO;
        viewController.maidenNameField.hidden = NO;
        viewController.secretQuestionField.hidden = NO;
        viewController.secretAnswerField.hidden = NO;
    }

Adding this code to the delegate results in the following screenshot (without sensitive data) being taken when the home button is pressed.

Figure 3: Snapshot showing that sensitive data is not displayed (border added for display purposes)
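Hiding fields one by one works for a single screen, but it is brittle: every new view that shows sensitive data has to be remembered and added to the delegate. A more general form of the same mitigation, added here as an example that is not part of the original post or the "My Bank" code, is to cover the whole window with an opaque view in the delegate and remove it on return. The class name MyBankAppDelegate, the privacyCover property, and the use of ARC are assumptions for illustration.

```objc
#import <UIKit/UIKit.h>

// Added example, not from the original post. MyBankAppDelegate and
// privacyCover are assumed names; the code assumes ARC.
@interface MyBankAppDelegate : UIResponder <UIApplicationDelegate>
@property (nonatomic, strong) UIWindow *window;
@property (nonatomic, strong) UIView *privacyCover; // opaque view laid over the window
@end

@implementation MyBankAppDelegate

// Lay an opaque view over the entire key window so that whatever the
// system snapshots shows only the cover, regardless of which screen is up.
- (void)coverSensitiveContent
{
    if (self.privacyCover != nil) {
        return; // already covered
    }
    UIView *cover = [[UIView alloc] initWithFrame:self.window.bounds];
    cover.backgroundColor = [UIColor whiteColor];
    cover.autoresizingMask = UIViewAutoresizingFlexibleWidth | UIViewAutoresizingFlexibleHeight;
    cover.userInteractionEnabled = NO;
    [self.window addSubview:cover];
    self.privacyCover = cover;
}

// Remove the cover so the user sees the real UI again.
- (void)uncoverSensitiveContent
{
    [self.privacyCover removeFromSuperview];
    self.privacyCover = nil;
}

// Called when the app is interrupted (incoming call, lock button, home
// button) before it enters the background; covering here as well means
// the UI is already blank for the transition that follows.
- (void)applicationWillResignActive:(UIApplication *)application
{
    [self coverSensitiveContent];
}

// The snapshot is taken after this method returns, so the cover must be
// in place synchronously here. Calling coverSensitiveContent again is a no-op
// if applicationWillResignActive: already ran.
- (void)applicationDidEnterBackground:(UIApplication *)application
{
    [self coverSensitiveContent];
}

- (void)applicationWillEnterForeground:(UIApplication *)application
{
    [self uncoverSensitiveContent];
}

// Also uncover here: an interruption that never backgrounded the app
// returns through applicationDidBecomeActive: without passing through
// applicationWillEnterForeground:.
- (void)applicationDidBecomeActive:(UIApplication *)application
{
    [self uncoverSensitiveContent];
}

@end
```

Covering in both applicationWillResignActive: and applicationDidEnterBackground:, and uncovering in both applicationWillEnterForeground: and applicationDidBecomeActive:, keeps the two paths (interruption without backgrounding, and a full background/foreground cycle) symmetric. After applying either approach, re-check the Snapshots directory described above to confirm the stored image no longer contains account data.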

Preventing Backgrounding

Instead of hiding or removing sensitive data, you can also prevent backgrounding altogether by setting the "Application does not run in background" property in the application's Info.plist file (this adds the UIApplicationExitsOnSuspend key to the plist). With this property set, pressing the home button causes applicationWillTerminate: to be called instead of applicationDidEnterBackground:, so the snapshot that normally follows applicationDidEnterBackground: is not taken. The trade-offs are that the user loses fast app switching and that any state you want to preserve must be saved in applicationWillTerminate:. Note also that this key has since been deprecated: iOS 13 and later ignore it, so it cannot be relied on as a control on current devices.

Figure 4: Screenshot showing plist configuration to prevent backgrounding


Sensitive data can be inadvertently written to disk when an app moves to the background. Developers should mitigate this by identifying the fields or screens that display sensitive information and hiding or covering them in applicationDidEnterBackground:, or by preventing backgrounding altogether.


Frank Kim is the curriculum lead for application security at the SANS Institute and the author of DEV541 Secure Coding in Java. If you liked this post check out SANS' new class on Secure iOS App Development.


Posted January 14, 2011 at 5:27 PM


Do you know the lifespan of the snapshots in the cache library? When are those snapshots deleted?

Posted January 14, 2011 at 9:50 PM

Jeff Kelley

Actually, modifying your Info.plist isn't enough. When you press the Home button, the system takes a screenshot of your app to perform the "pinch" animation as it returns to the Home screen. In some cases, that image is recoverable, as it's temporarily stored to disk. So, although it does prevent the screenshot from being taken, it's not enough to prevent the data from being recovered.
