MASTG-TEST-0303: References to APIs for Storing Unencrypted Data in Shared Storage
Overview
This test checks whether the app stores sensitive data without encryption in iOS sandbox locations that may become user-accessible when file sharing is enabled.
On iOS, the app sandbox is private by default. However, when the app sets UIFileSharingEnabled or LSSupportsOpeningDocumentsInPlace to YES in its Info.plist, files in certain sandbox locations, in particular the Documents directory (documentDirectory), may become accessible through Finder, iTunes File Sharing, or the Files app.
Review the app for APIs that create, modify, or persist files in shared or potentially shared storage locations, such as documentDirectory, URL.documentsDirectory, or equivalent paths resolved at runtime. Relevant APIs include FileManager, Data.write(to:), String.write(to:atomically:encoding:), FileHandle, and OutputStream, as well as lower-level POSIX or BSD file I/O functions such as open, write, fwrite, and fputs.
Also review whether the app protects sensitive data before writing it to these locations. For example, the app may encrypt data using keys stored in the Keychain. Keychain API usage, such as SecItemAdd, SecItemUpdate, and SecItemCopyMatching, can help determine whether encryption keys are created, retrieved, and protected with appropriate access control and accessibility attributes.
Steps
- Use Exploring the App Package to extract the relevant binaries from the app package.
- Use Static Analysis on iOS to look for the relevant APIs in the app binaries.
- Use Retrieving Info.plist Files to retrieve the Info.plist file.
- Use Analyzing Info.plist Files to check for the UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace flags.
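The following is an added example, not part of the MASTG page or its tooling, that automates the Info.plist check and a string-level version of the API search on artifacts you have already extracted. It assumes (assumptions, not from the page) that Info.plist has been pulled out of the .app bundle and that a symbol/string listing of the main binary has been produced with a tool such as `nm -u`, `strings` or `rabin2 -i` and run through `swift-demangle`; both sample inputs embedded at the bottom are constructed for the example. The script only narrows down where to look: it cannot decide whether the data written is sensitive or already encrypted, which remains a manual step.

```python
"""Triage helper for MASTG-TEST-0303 (added example, not MASTG tooling).

Assumptions, none of which come from the MASTG page: Info.plist has already
been pulled out of the .app bundle, and a demangled symbol/string listing of
the main binary has been produced with e.g. `nm -u`, `strings` or `rabin2 -i`.
Both sample inputs at the bottom are constructed for this example.
"""
import plistlib
import re

FILE_SHARING_FLAGS = ("UIFileSharingEnabled", "LSSupportsOpeningDocumentsInPlace")

# Lookarounds: accept a leading C-symbol "_" or a "." separator, but reject
# names glued into longer identifiers (e.g. "SecItemAddX").
_L, _R = r"(?<![A-Za-z0-9])", r"(?![A-Za-z0-9])"

API_PATTERNS = {
    # APIs that resolve or write to Documents-style locations (test step 2).
    "shared_storage": [
        _L + r"(NS)?[dD]ocuments?Directory" + _R,
        _L + r"(NS)?FileManager" + _R,
        _L + r"write\(to:",
        _L + r"writeToFile:",
        _L + r"createFile\(atPath:",
        _L + r"createFileAtPath:",
        _L + r"(NS)?(FileHandle|OutputStream)" + _R,
        # POSIX/BSD calls carry a leading underscore in Mach-O symbol tables.
        r"(?<![A-Za-z0-9_])_(open|write|fwrite|fputs|fopen)(?![A-Za-z0-9_])",
    ],
    # Keychain APIs that may provide the key used to encrypt those files.
    "keychain": [_L + r"SecItem(Add|Update|CopyMatching|Delete)" + _R],
}
_COMPILED = {k: [re.compile(p) for p in v] for k, v in API_PATTERNS.items()}


def file_sharing_state(info_plist: bytes) -> dict:
    """Return {flag: bool} for the two keys that expose Documents to the user."""
    info = plistlib.loads(info_plist)  # handles both XML and binary plists
    # plistlib maps <true/> to True; any other truthy value counts as enabled too.
    return {flag: bool(info.get(flag, False)) for flag in FILE_SHARING_FLAGS}


def find_api_references(listing: str) -> dict:
    """Map each label to (line_no, matched_token) pairs, in listing order."""
    hits = {label: [] for label in _COMPILED}
    for line_no, line in enumerate(listing.splitlines(), start=1):
        for label, regexes in _COMPILED.items():
            for rx in regexes:
                m = rx.search(line)
                if m:
                    hits[label].append((line_no, m.group(0)))
                    break  # one hit per line and label is enough for triage
    return hits


def triage(info_plist: bytes, listing: str) -> dict:
    """Combine both observations into the report the test asks for."""
    flags = file_sharing_state(info_plist)
    refs = find_api_references(listing)
    exposed = any(flags.values())
    return {
        "flags": flags,
        "documents_user_accessible": exposed,
        "shared_storage_refs": refs["shared_storage"],
        "keychain_refs": refs["keychain"],
        # Pattern matching cannot tell sensitive from harmless data, or
        # encrypted from plaintext; it only says the failing combination is possible.
        "manual_review_required": exposed and bool(refs["shared_storage"]),
    }


# Constructed Info.plist: Finder/iTunes sharing on, in-place opening off.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>org.example.notes</string>
  <key>UIFileSharingEnabled</key><true/>
  <key>LSSupportsOpeningDocumentsInPlace</key><false/>
</dict></plist>"""

# Constructed listing, loosely in the style of demangled `nm -u` plus `strings`.
SAMPLE_LISTING = """\
U _SecItemCopyMatching
U _SecItemAdd
U _fwrite
U _open
T Foundation.FileManager.urls(for: Foundation.FileManager.SearchPathDirectory, in: Foundation.FileManager.SearchPathDomainMask) -> [Foundation.URL]
U Foundation.FileManager.SearchPathDirectory.documentDirectory
U Foundation.Data.write(to: Foundation.URL, options: Foundation.NSData.WritingOptions) throws -> ()
T NotesApp.NoteStore.save(NotesApp.Note) -> ()
notes.json
Library/Application Support
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_INFO_PLIST, SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

Each shared-storage hit is a code location to open in a disassembler or in the source; the keychain hits tell you whether a key for encrypting those files could even exist. A listing with `FileManager` and `documentDirectory` references but no `SecItem*` calls is the strongest signal that whatever lands in Documents is plaintext.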
Observation
The output should contain:
- A list of code locations that write (or could write) to shared storage.
- The state of UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace.
Evaluation
The test case fails if:
- The app writes unencrypted sensitive data to documentDirectory (or an equivalent shared storage path), and Info.plist enables user access to the Documents directory (UIFileSharingEnabled and/or LSSupportsOpeningDocumentsInPlace).
Note: documentDirectory by itself is not inherently insecure; the risk arises when sensitive data is stored there and exposed via file sharing or Files app access. File sharing exposes only the Documents directory, so data kept elsewhere in the app sandbox (e.g., Library/Application Support), preferably encrypted, or in the Keychain is not reachable through file sharing or the Files app even when those flags are enabled.
Best Practices
MASTG-BEST-0024: Store Data Encrypted in App Sandbox Directory