On Dec 18, 2008, at 4:14 AM, Alexander v. Below wrote:
Could someone jailbreak a phone, and install an application with the
same bundle ID as mine, and then read my keychain? Or are other
exploits for the iPhone keychain known?
I'm not an expert on iPhone security, but I can speculate...
Doesn't jailbreaking involve a complete wipe of the device followed by
a restore from backup? If so, someone couldn't do it to your phone and
preserve its data unless they already had access to a backup file from
your computer.
Also, the Keychain doesn't just check the app's bundle ID. It also
stores a hash of the application binary to determine whether it's been
changed. On a Mac you get an alert telling you the app's changed and
asking if you still want it to be able to access its keychain entries.
There's no such alert on iPhone, because presumably the built-in app
upgrade process updates the hash automatically; so I don't know what
the behavior of the iPhone is when the hash doesn't match. It may just
unconditionally refuse access, since the only way this could happen
would be if the app had been hacked.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
