Secure Coding

1. Scope

Only free apps were tested that can at least store photos or videos. Apps that only store notes or passwords do exist, but have not been tested.

The limitation to free apps stems from the ubiquity of insecure apps on the App Store, so it is adivsable that a potential user of such an app first can test the security features before relying on them. Most free apps were either restricted to a certain file count, or contain iAds; however, for evaluating the security properties, this makes the free version fully sufficient.

As all these apps claim to provide extra security beyond the iPhone's passcode, they were tested under the assumption that an attacker has the unlocked iPhone in their hands.

2. Feature Tests

The following features were checked:

2.1. Photo, Video

It has been tested whether the app can be used to store and view photos, or videos, respectively. The test typically was done by attempting to import a media file from the Camera Roll, then trying to view it.

2.2. Other data

It has been tested whether the app can be used to store at least one other data type. Typically this means support for audio files, notes, or passwords.

2.3. Unlimited Storage

It has been tested whether the app has an obvious limitation in the amount of files or folders you can create. For apps that have such a limitation, typically a full version without such a limitation is available from the same product.

For two apps, testing of this capability was aborted due to very frequent crashes of the apps on the tested iPhone:

• Private Photo HD Lite by AppInTheSky.com

• ISafety Photo HD Lite by Pop-ok.com

Whether these apps have limited or unlimited storage was not revealed in the testing. However, the AppStore mentions no such limitation.

2.4. Decoy Mode

Many apps support a so-called “Decoy Mode”, which usually provides a second log-in account with a different data collection. The idea is that in case the user is forced to convey the passcode for the app, they can merely give out the Decoy Mode passcode, which shows “innocent” files.

2.5. Intruder Photo, Intruder Location

Many apps provide a security log containing photos and location data for every failed access. Although it generally sounds interesting to see who was trying to “spy on you”, any attacker with a remote clue about how these apps work can simply cover the camera, and disable location services before trying out passcodes.

2.6. Intruder Mail

Some apps even allow sending an E-Mail report containing the intruder's photo and location. This is actually a lot more useful. Although it does not help against a determined attacker (see above), it may be an actually useful tool to help discover a stolen iPhone if the thief is beaten by his curiosity. It may be a good idea to have one of these apps installed on your iPhone even if you do not intend to store any data inside.

This feature is provided by:

• My Secret Folder Lite by Red Knight Interactive

• Secure Browser With File Safe by Red Knight Interactive

• Folder Locker Lite by Zeeplox

2.7. WiFi

Some apps provide a feature to share the files inside via WiFi. Typically, this is a HTTP, FTP or WebDAV service running on a highport without any authentication and read-write access.

2.8. iTunes Share (USB)

Some apps provide a feature to share files using iTunes File Sharing (typically used via USB). However, some apps provide only read-only and some apps provide only write-only access via this protocol.

Many apps did not advertise such functionality, but were found to “accidentally” provide read-only access via USB (read-only because adding/updating files would require changing database entries, which is sure manually possible using SQLite, but no ready tools exist for this). These are also counted as read only, too.

3. Security Tests

The following security properties were tested:

3.1. Decoy Access

Testing revealed the following security problems with Decoy Modes:

• Some apps have an “insecure” decoy mode which gives an attacker who can enter Decoy Mode an easy way to enter the “secret” folders. Namely:

  • AccessByKey Lite by MOST DO EVROPY s.r.o. implements Decoy Mode as separate folders, named by the folder passcode. Every passcode succeeds to log in, and can have separate data. The app however allows the user to enter “.” as passcode, which will enter the parent folder of all the “intentional” data folders, and view a list of all passcodes that have ever been entered, giving away any secrets stored in the app.

  • Folder Locker Lite by Zeeplox still shows the passcode change options ion Decoy Mode, and they actually are able to change the main passcode. Therefore, all an attacker who can enter Decoy Mode has to do, is to enter settings, change the main passcode, leave the app, and enter it again using this passcode to reveal any secrets.

• Most other apps have an “obvious” decoy mode:

  • Decoy Mode typically does not show the settings menu, or if it does, it does not show the menu to change the passcode. This makes it very obvious to an attacker that some sort of Decoy Mode is in place.

  • Some apps do not even allow to upload your own files in Decoy Mode, but merely allow showing default pictures there. That will not fool anyone.

• Only two apps have a somewhat convincing Decoy Mode:

  • CameraSafe LITE by Bitcartel Software implements Decoy Mode by having multiple independent accounts, none of which can see the others' data. Also, each can only change their own passcode.

  • Foto Segrete - KYMS - Free by IdeaSolutions S.r.l. masquerades as a working calculator called KyCalc. Pressing = while the passcode is on the calculator display will let you in. However, Google search for “KyCalc” immediately gives away the decoy.

None of these provide the required security to fool a determined attacker. Furthermore, an attacker could simply force you to connect your iPhone to their computer, and perform a backup using iTunes for further analysis. Every single app will either reveal its data that way, or the fact that there is hidden data stored outside the application (e.g. by existence of encrypted files, or discrepancy of free and used disk space). Better consider this mode a toy, not an actual feature.

Given these observations, it was decided that in the results table, only a decoy mode that actually has a vulnerability to get access to the non-secret files is denoted as BAD. Any decoy mode not exposing the secret files, no matter how unconvincing, was counted as GOOD.

3.2. USB Security

It was attempted to get access to the app's folder using the access method described on Hacking ifuse - iExplorer for Linux, i.e. either via iExplorer, via IPA application backup, or via a modified ifuse client. Most apps were found to expose the secret files in unencrypted form using the method described there.

Note that this attack is only possible from a computer that once was connected to the iPhone which was unlocked at the time. The testing assumptions are however that the attacker has the unlocked iPhone in their hands, as these apps are all meant to provide extra security beyond the usual passcode lock of the iPhone. However, once a computer was connected once, it can be “paired” with the iPhone using iTunes or the idevicepair utility on Linux, and will from then on also allow connections from the same computer while locked!

The only tested apps not exposing their files to this attack were:

• Dot Lock Photo by AgileMobileApps (stores data outside the app, namely, in the Keychain)

• Dot Lock Photo+Video by AgileMobileApps (stores data outside the app, namely, in the Keychain)

• CameraSafe LITE by Bitcartel Software (encrypts)

• Covert Photo Free by Itchyfinger Ltd. (encrypts)

• Dot Lock My Data Lite by MinhMobileDev (stores data outside the app, namely, in the Keychain)

• My Locked Folder Lite by MinhMobileDev (stores data outside the app, namely, in the Keychain)

• Photo Safe Pro by Software Opus LLC (encrypts)

Note that storing data outside the app - especially in an unexpected place like the Keychain, which also will not shrink after deleting the files again and thus can permanently use up the space - violates AppStore guidelines and may lead to removal of these apps from the Store. It furthermore means that the data is not deleted when the app is deleted, and may take up space “forever”. Also, jailbreaking the device (which however is bound to leave traces) is likely to expose the data in this case.

3.3. Public Encryption

It generally is not a good idea to rely merely on security by obscurity. It therefore is best practice to use published cryptographic algorithms that had peer review among cryptographers and that withstood many attacks in the past.

Only the following app fulfills this:

• CameraSafe LITE by Bitcartel Software (uses and advertises AES-256 encryption, and also allows a sufficiently long passcode)

The following two apps may be using strong encryption, but do not publish their choice of algorithm and thus may or may not be secure:

• Covert Photo Free by Itchyfinger Ltd. (advertises use of “Apple's own built-in encryption algorithms”, which likely means some AES variant, but only supports 4-digit PINs!)

• Photo Safe Pro by Software Opus LLC (advertises “256 bit encryption” which likely means AES-256, and supports sufficiently long passcodes)

However, the following things have to be noted:

• AES-256 is less secure than AES-128 due to recent attacks; AES-256 security has been reduced to 99.5 bits, while AES-128's security only could get reduced to 126.1 bits. Still, at the moment 99.5 bits security is good enough for practical purposes.

• Even though the security of the underlying cryptographic algorithm may be good, this does not make a 4-digit PIN or other simple key (including 3x3 “dot lock”) secure. Good and long passcodes are absolutely required for security! Also, it has not been tested whether these apps use an actually secure method to derive the encryption key from user input.

3.4. Passcode Security

Many apps were found to expose their passcode in plaintext, or in easily decodable form, as part of App Backups or even in the iTunes Share area (see above). Typically the passcode was found either as a folder name, as entry in a SQLite database, or as entry in a binary-encoded plist file.

The only tested apps not exposing the passcode in any obvious way were:

• All apps not exposing their data to App Backups by means of encryption or outside storage (see above)

• Lock Folder Free by coco Cai (stores passcode information in the keychain)

• Lock Photos Free by coco Cai (stores passcode information in the keychain)

• Lock Photos & Videos HD by costani.com (stores passcode information in the keychain)

• Pocket Folder by Gong Pengjun (stores passcode information in the keychain)

• Secret - Store Anything by One Wave AB (stores the password hashed using MD5)

• UbiDisk by FocusByte (stores passcode information int he keychain since version 2.0.0)

Notable apps attempting to provide passcode security, but failing at it, are:

• Your Secret Folder by SSA Mobile LLC (uses MD5, but only supports short passcodes; a simple Google search for the MD5 hashed passcode will find it)

• Your Secure Browser by SSA Mobile LLC (uses a proprietary algorithm to encode the passcode; proprietary algorithms tend to only rely on security by obscurity and thus are easily broken using debugging tools, but what makes matters worse is that this app stores the plaintext passcode in the successful access log)

4. Conclusion

The only tested app providing some sense of actual security is CameraSafe LITE byBitcartel Software. It even comes with a Decoy Mode, but cannot store anything other than photos.

Anything else cannot be recommended from a security perspective.

From a usability perspective, UbiDisk (Super Downloader) byFocusByte made the best impression. It provides video playback, remembers the last position, can open many file types, supports WiFi access both via HTTP and FTP (which works fine with lftp including mirror/sync support, but crashes when attempting to use the FTP access from Google Chrome), USB access, and even includes a web browser with downloader. Since 2.0.0, it also can download arbitrary file types from Safari!

5. How To Do It Right

Ideally, such an app would work like this:

• On first start, a random master key is created and stored in the keychain.

• User is queried for passphrase; any passphrase will “work”

• The passphrase is processed using a key derivation function that employs key stretching.

• The master key is “decrypted” with the result of the previous step and yields a “user key”

• Files and file names are encrypted using the “user key”

• As file names contain a checksum of some sort, their proper decoding can be verified. Names that do not decode right will not be shown.

A Linux tool working this way is EncFS.

6. Results

UPDATE: I managed to find out that AgileMobileApps' and MinhMobileDev's apps store the data in the Keychain (namely, in /private/var/Keychains/keychain-2.db.

UPDATE: FocusByte fixed the issues of UbiDisk I mentioned here. On Sep 16 2012, an update "2.0.0" was released that fixes the crashes of the FTP server, and moved the password storage to the Keychain, where it is safe from prying via USB. It is still possible to retrieve the passcode from there, but doing so involves jailbreaking the device; furthermore, Focusbyte can't do anything about this anyway because the security of a 4-digit PIN can be broken no matter what they do simply by having a decrypted dump of the device storage (jailbreak!), the device passcode (crack tools for this exist) and simple brute force. Therefore: Great work, Focusbyte! I updated the test results to match the current version of UbiDisk.