问题
I'm using Titanium.App.Properties to store user highly confidential data. So is it safe to store values here. Is it possible jailbreak iPhone's to leak this values. Is this values encrypted or stored as plain text?
Thanks in Advance.
回答1:
Here is an update to this old question:
From Titanium 3.X docs:
As of Release 3.2.0, any application properties defined in the tiapp.xml file are stored in the device's secure storage, making them read-only. Additionally, external access to these properties is now restricted. Other iOS applications cannot access these properties and native Android modules must use the Titanium module API TiApplication.getAppProperties method to access these properties.
If you need to change the values during runtime, initially create the property with these APIs rather than defining them in the tiapp.xml file.
Prior to Release 3.2.0, application properties defined in the tiapp.xml file could be overwritten by these APIs and accessed externally by other applications and modules.
So, the answer to the question is:
- If using SDK version 3.2.0 and above;
Titanium.App.Propertiesis secure enough to store sensitive app-related data:- For storing constant values (cannot be changed at run-time); use
tiapp.xmlfile. e.g.<property name="app.google.api.key" type="string">key_here</property> - To get and set values dynamically at run-time, use
Titanium.App.Properties.
- For storing constant values (cannot be changed at run-time); use
- You can also use this module for securely storing and reading app or user related data.
See this example code that defines security levels of each operation.
回答2:
Titanium.App.Properties are stored in a simple .plist file. It is in a compressed (encoded) XML file. So not encrypted, but also not technically in plain text (although any .plist reader, including the Mac itself, can present it in plain text.
Source: http://developer.appcelerator.com/question/130050/titaniumappproperties-is-it-safe
来源:https://stackoverflow.com/questions/8674793/titanium-app-properties-is-it-safe