expo – Access to iOS keychain


My application uses expo SecureStore to store secrets such as the user's access_token and refresh_token. SecureStore uses the iOS keychain under the hood:

On iOS, values are stored using the keychain services as
kSecClassGenericPassword. iOS has the additional option of being able
to set the value’s kSecAttrAccessible attribute, which controls when
the value is available to be fetched.

I'm interested to know whether an attacker (a thief) could read the secrets.

For that, I am considering the following assertions to hold true:

  • Application can only be installed on iPhones
  • Attacker knows victim PIN code
  • Attacker has access to victim iCloud
  • iPhone is on the latest iOS version and no jailbreak exists for this version
  • secrets are stored in keychain with kSecAttrAccessible set to kSecAttrAccessibleWhenUnlockedThisDeviceOnly (but also interested to know answers for kSecAttrAccessibleWhenUnlocked)

Is it possible for an attacker to recover access_token and refresh_token?
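The question hinges on which kSecAttrAccessible class the tokens are written with, and expo-secure-store exposes that choice through the keychainAccessible option of setItemAsync. The following is an added example, not code from the question or from Expo: a small token-store wrapper that refuses any accessibility class other than a *_THIS_DEVICE_ONLY one, so the tokens are never migrated to another device through iCloud Keychain or a backup restore. It assumes the expo-secure-store surface of setItemAsync(key, value, options), getItemAsync(key, options), deleteItemAsync(key, options) and the accessibility constants exported by the module (read here from the store object rather than hard-coded, since their values are the module's business); the requireAuthentication option is assumed to be available in newer SDKs. The in-memory store at the bottom is a constructed stand-in so the file runs outside a React Native project.

```javascript
// Added example (not from the question or from Expo). In a real app, pass the
// expo-secure-store module itself:  createTokenStore(require('expo-secure-store'))

// Names of the expo-secure-store accessibility constants whose items stay on
// the device that wrote them (never synced via iCloud Keychain or restored
// from a backup onto a different device).
const DEVICE_BOUND_CONSTANTS = [
  'WHEN_UNLOCKED_THIS_DEVICE_ONLY',
  'AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY',
  'WHEN_PASSCODE_SET_THIS_DEVICE_ONLY',
];

// True if `accessible` equals one of the store's *_THIS_DEVICE_ONLY constants.
function isDeviceBound(secureStore, accessible) {
  return DEVICE_BOUND_CONSTANTS.some(
    (name) => secureStore[name] !== undefined && secureStore[name] === accessible,
  );
}

// Options every token write must use. WHEN_UNLOCKED_THIS_DEVICE_ONLY matches
// the class named in the question; requireAuthentication (assumed: newer SDKs)
// additionally gates reads behind Face ID / Touch ID / passcode.
function buildTokenOptions(secureStore, { requireAuthentication = false } = {}) {
  return {
    keychainAccessible: secureStore.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
    ...(requireAuthentication ? { requireAuthentication: true } : {}),
  };
}

// Reject options that would let the secret leave the device.
function assertDeviceBound(secureStore, options) {
  if (!isDeviceBound(secureStore, options.keychainAccessible)) {
    throw new Error(
      `keychainAccessible must be a *_THIS_DEVICE_ONLY class, got ${String(options.keychainAccessible)}`,
    );
  }
  return options;
}

// Token store: every read/write goes through the pinned, validated options.
function createTokenStore(secureStore, overrides = {}) {
  const options = assertDeviceBound(secureStore, {
    ...buildTokenOptions(secureStore, overrides),
    ...(overrides.keychainAccessible ? { keychainAccessible: overrides.keychainAccessible } : {}),
  });
  return {
    options,
    async save({ access_token, refresh_token }) {
      await secureStore.setItemAsync('access_token', access_token, options);
      await secureStore.setItemAsync('refresh_token', refresh_token, options);
    },
    async load() {
      return {
        access_token: await secureStore.getItemAsync('access_token', options),
        refresh_token: await secureStore.getItemAsync('refresh_token', options),
      };
    },
    async clear() {
      await secureStore.deleteItemAsync('access_token', options);
      await secureStore.deleteItemAsync('refresh_token', options);
    },
  };
}

// Constructed stand-in for expo-secure-store: same method names, exposes the
// accessibility constants with placeholder values, and records the options
// used on each write so a caller can check what class was requested.
function createFakeSecureStore() {
  const items = new Map();
  const writes = [];
  const constants = {
    WHEN_UNLOCKED: 'fake:WHEN_UNLOCKED',
    WHEN_UNLOCKED_THIS_DEVICE_ONLY: 'fake:WHEN_UNLOCKED_THIS_DEVICE_ONLY',
    AFTER_FIRST_UNLOCK: 'fake:AFTER_FIRST_UNLOCK',
    AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY: 'fake:AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY',
    WHEN_PASSCODE_SET_THIS_DEVICE_ONLY: 'fake:WHEN_PASSCODE_SET_THIS_DEVICE_ONLY',
  };
  return {
    ...constants,
    writes,
    async setItemAsync(key, value, options = {}) {
      writes.push({ key, options });
      items.set(key, value);
    },
    async getItemAsync(key) {
      return items.has(key) ? items.get(key) : null;
    },
    async deleteItemAsync(key) {
      items.delete(key);
    },
  };
}

module.exports = { isDeviceBound, buildTokenOptions, assertDeviceBound, createTokenStore, createFakeSecureStore };
```

With the real module the wrapper throws at construction if someone later passes `keychainAccessible: SecureStore.WHEN_UNLOCKED`, which keeps the syncable class out of the token path by review-time failure rather than by convention. Note that the accessibility class only decides where the item can exist; an attacker who holds the unlocked device and its passcode is inside the trust boundary that WHEN_UNLOCKED* classes are designed for, which is why the requireAuthentication flag is the more relevant knob for that scenario.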
