Hey, just started poking around at <https://github...
# touchlab-toolss
StavFX
05/18/2023, 10:28 PMHey, just started poking around at https://github.com/russhwolf/multiplatform-settings
Very neat, but I can't figure out if there's a way to get ObservableSettings that are also encrypted on iOS
r
russhwolf
05/18/2023, 11:05 PMThere currently isn't. Keychain updates aren't natively observable on iOS. Here's a ticket that probably won't move ever unless iOS changes https://github.com/russhwolf/multiplatform-settings/issues/71
s
StavFX
05/19/2023, 12:22 AMThat's the answer I was afraid of.. Thanks 🙂
m
mbonnin
05/19/2023, 8:08 AMOut of curiosity, is there a real benefit of using encrypted settings? I would expect the OS to sandbox apps already so that the preferences are not readable by other processes than the app itself. And in the event that an attacker can run as the app process, encrypting the preferences will not help mucH?
s
streetsofboston
05/19/2023, 2:02 PMEncrypted settings are tamper proof and, IIRC, stored on the Secure Enclave (iOS) and Titan-Mx (Android) chips.
streetsofboston
05/19/2023, 2:03 PMYour app can require additional bio-metrics or password interaction to unlock the settings (data) stored on those chips. Eg you can store a Auth-Token in the encrypted settings.
streetsofboston
05/19/2023, 2:03 PM(or the key to decrypt that token)
m
mbonnin
05/19/2023, 2:16 PMThat makes sense I think but I still fail to understand how secure enclaves make it any harder for an attacker compared to rooting the phone and running a modified APK.
mbonnin
05/19/2023, 2:18 PMIs there some kind of verification chain that can make sure only code signed with my signing key can access the secure enclave? That sounds quite complicated to achieve.
mbonnin
05/19/2023, 2:19 PMPut it otherwise, is there any evidence of an exploit that would have been prevented by using encrypted settings?
s
streetsofboston
05/19/2023, 2:25 PMThere must be 🙂 . Apple and Google advocate to store sensitive data and auth/access-tokens, or at least keys that can de/encrypt those tokens on their secure chips.
These chips are an extra layer of security, even on rooted phones, that even physical tampering (eg opening the phone and prying out/on that chip) won't work for the attacker (the chip will basically 'self-destruct' when that is attempted)
m
mbonnin
05/19/2023, 2:30 PMI take Google advice on security with a grain of salt hence my interrogations here. For physical tampering, I would expect the full disk to be encrypted these days (the famous NSA vs Apple case) so encrypting preferences on an already encrypted disk doesn't protect more against someone spying on the bus or unsoldering the flash memory (I think?).
mbonnin
05/19/2023, 2:31 PMIf anyone has links, I'm happy to write a blog post about this, this is a long time questionning of mine 🙂
s
streetsofboston
05/19/2023, 2:45 PMThose chips are pretty expensive and both Apple and Google thought it was a good idea to include them for the secure keystores.
I know a few things about encryption and security, but i'm not an expert 🙂 In this way, I do trust Apple and Google to have a good reason to include them so that apps can use them.
I think encrypting these types of things using these security chip is (yet) another layer of security, even if others fails (eg disk has been hacked, rooted, and even the disk decrypted).
9 Views