How safe is my data?

FlorenceArt · 03-24-2015, 05:21 PM

Hi All,

This is a question that has been bothering me for a while, and the answers I have found on the web seemed strangely incomplete. How much of my data is accessible to someone who, say, steals or finds my iPad and doesn't know my password? I just did a test with iFunBox, and it seems that anything that is visible in the app sharing area on iTunes is also available via iFunBox, even if the iPad is password locked.

But does this mean that the rest of my data is safe? For example, Readdle Documents doesn't show my documents either in iTunes or iFunBox, except for whatever is in the "iTunes sharing" folder. Can it be accessed some other way? Also, the same app has an option to encrypt documents when the iPad is locked, but what does it mean in practice? Other apps claim to encrypt my documents on the iPad, how can I verify that they actually do that?

I'm not looking for a very high level of security, but I'd like to feel that I can carry sensitive documents such as a scan of my passport without too much risk. Documents seems a good way to do that, but how safe is it really?

Any tips or info would be appreciated!

FlorenceArt · 03-26-2015, 08:52 AM

I found some information on the web after all. The most useful was this article, even if it's a bit old:
http://www.ilounge.com/index.php/art...ta-protection/

And this one was interesting too:
http://www.csoonline.com/article/268...-features.html

I still don't understand it all, but I think that if:
- the document is stored in an app that uses the iThingie's hardware encryption (usually activated through the app's options)
- your iThingie is password protected (meaning that hardware encryption has been activated)
- the document is not visible in iTunes app sharing
- the document is NOT synced to iCloud

then it's reasonably well protected.

That's enough for me I guess, I don't carry state secrets on my iPad.

Jessica Lares · 03-26-2015, 07:12 PM

Your iOS devices have a list of accepted connections it's allowed to reveal data to. When you connect your device to something that isn't on the list, it'll pop up a message that says "Trust This Computer? - Your settings and data will be accessible from this computer when connected."

This can get pretty annoying if you're like me and connect your device to something like a TV that it won't register and continue to ask you to trust it. But at the same time, that would be just proof that it's working and won't allow assigning to generic hardware that won't communicate with it like computers do.

If you have an established trust with a computer, it will let you access the device without having to input your password. If you don't, it won't let the computer access the data at all. It'll of course tell the computer that it's an iOS device, but a device browser like iMazing will ask you to accept the trust message in order to show you the data.

As for app security itself.... Apple recently changed how much access one can get into an app. You used to be able to see the GUI elements in the main folder, and now you only get a small list of folders - Documents, Library, StoreKit, tmp, and most of them you can't do anything with because they're read-only.

Personally... I have my private stuff in a password manager. It is the only place where I'd put such things, it's the only type of app that you don't feel like switching for something else all the time either. You might not have a need for something as robust as Documents, but you might forget about the security aspect about it and try something else that doesn't have it, and that's when you're most likely to be vulnerable to stealing.

FlorenceArt · 03-27-2015, 06:58 AM

Thanks, it's true that you must trust a computer when you connect for the first time, I'd forgotten about that since I haven't changed my computer in some time.

I'm not sure how robust Documents is, but at least it uses hardware encryption if you activate it in setting. So does GoodReader by the way, but I don't like GoodReader's interface.

The main problem is the multiple copies of the same document you may have on your iThingie, since each app keeps a copy in its own space. It can be hard to keep track of that and delete the copies when no longer needed.

03-24-2015, 05:21 PM	#1
FlorenceArt High Priestess Posts: 5,761 Karma: 5042529 Join Date: Jul 2008 Location: Montreuil sous bois, France Device: iPad Pro 9.7, iPhone 6 Plus	How safe is my data? Hi All, This is a question that has been bothering me for a while, and the answers I have found on the web seemed strangely incomplete. How much of my data is accessible to someone who, say, steals or finds my iPad and doesn't know my password? I just did a test with iFunBox, and it seems that anything that is visible in the app sharing area on iTunes is also available via iFunBox, even if the iPad is password locked. But does this mean that the rest of my data is safe? For example, Readdle Documents doesn't show my documents either in iTunes or iFunBox, except for whatever is in the "iTunes sharing" folder. Can it be accessed some other way? Also, the same app has an option to encrypt documents when the iPad is locked, but what does it mean in practice? Other apps claim to encrypt my documents on the iPad, how can I verify that they actually do that? I'm not looking for a very high level of security, but I'd like to feel that I can carry sensitive documents such as a scan of my passport without too much risk. Documents seems a good way to do that, but how safe is it really? Any tips or info would be appreciated!

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Testpoints etc. for USB Data+ & Data- ?	Upprcalypse	Kindle Developer's Corner	5	03-16-2013 12:47 PM
Is it safe to delete /usr/share/nuance/data?	swan36doe	Kindle Developer's Corner	4	02-04-2013 12:05 PM
is it safe to....	Pushka	Calibre	4	02-15-2010 07:52 AM

03-26-2015, 08:52 AM	#2
FlorenceArt High Priestess Posts: 5,761 Karma: 5042529 Join Date: Jul 2008 Location: Montreuil sous bois, France Device: iPad Pro 9.7, iPhone 6 Plus	I found some information on the web after all. The most useful was this article, even if it's a bit old: http://www.ilounge.com/index.php/art...ta-protection/ And this one was interesting too: http://www.csoonline.com/article/268...-features.html I still don't understand it all, but I think that if: - the document is stored in an app that uses the iThingie's hardware encryption (usually activated through the app's options) - your iThingie is password protected (meaning that hardware encryption has been activated) - the document is not visible in iTunes app sharing - the document is NOT synced to iCloud then it's reasonably well protected. That's enough for me I guess, I don't carry state secrets on my iPad.

03-26-2015, 07:12 PM	#3
Jessica Lares Wizard Posts: 2,240 Karma: 5759170 Join Date: Jun 2011 Location: Near Dallas, Texas, USA Device: iPad Mini, iPod Touch (5th gen)	Your iOS devices have a list of accepted connections it's allowed to reveal data to. When you connect your device to something that isn't on the list, it'll pop up a message that says "Trust This Computer? - Your settings and data will be accessible from this computer when connected." This can get pretty annoying if you're like me and connect your device to something like a TV that it won't register and continue to ask you to trust it. But at the same time, that would be just proof that it's working and won't allow assigning to generic hardware that won't communicate with it like computers do. If you have an established trust with a computer, it will let you access the device without having to input your password. If you don't, it won't let the computer access the data at all. It'll of course tell the computer that it's an iOS device, but a device browser like iMazing will ask you to accept the trust message in order to show you the data. As for app security itself.... Apple recently changed how much access one can get into an app. You used to be able to see the GUI elements in the main folder, and now you only get a small list of folders - Documents, Library, StoreKit, tmp, and most of them you can't do anything with because they're read-only. Personally... I have my private stuff in a password manager. It is the only place where I'd put such things, it's the only type of app that you don't feel like switching for something else all the time either. You might not have a need for something as robust as Documents, but you might forget about the security aspect about it and try something else that doesn't have it, and that's when you're most likely to be vulnerable to stealing.

03-27-2015, 06:58 AM	#4
FlorenceArt High Priestess Posts: 5,761 Karma: 5042529 Join Date: Jul 2008 Location: Montreuil sous bois, France Device: iPad Pro 9.7, iPhone 6 Plus	Thanks, it's true that you must trust a computer when you connect for the first time, I'd forgotten about that since I haven't changed my computer in some time. I'm not sure how robust Documents is, but at least it uses hardware encryption if you activate it in setting. So does GoodReader by the way, but I don't like GoodReader's interface. The main problem is the multiple copies of the same document you may have on your iThingie, since each app keeps a copy in its own space. It can be hard to keep track of that and delete the copies when no longer needed.

Advert