Rather than the bundle ID it's the application identifier and
keychain
access group, entitlements protected by the signature, that determine
your access. That signature has to be Apple signed, either directly
or
indirectly via a profile, where the profile limits the entitlements
and values they can have.
In the end applications do have access to the keychain on the phone
without having to enter a password. The passcode protects from
unlocking but does not figure into the encryption of keychain
secrets.
That is the real difference.
Once you'd enter the password on the desktop you could steal password
the same way as on the phone.
You will have to answer your own question because it is unclear
what the
risk/reward is here. I have no problems storing any password or
identity in
the keychain that I will actually use on the phone, but you may be
alluding
to secrets outside that scope.
Conrad. (iPhone)
On Dec 18, 2008, at 4:14, "Alexander v. Below" <email@hidden> wrote:
Hello,
how secure is the iPhone keychain? The Documentation says, that an
application only has access to its own keychain items.
But how is that Application determined?
Could someone jailbreak a phone, and install an application with the
same bundle ID as mine, and then read my keychain? Or are other
exploits for the iPhone keychain known?
The basic question is: Is it definitely, positively secure to store
sensitive data in the iPhone keychain?
Thanks
Alex
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/conrads
%40apple.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
