Hey, just started poking around at <https://github...
# touchlab-tools
s
Hey, just started poking around at https://github.com/russhwolf/multiplatform-settings Very neat, but I can't figure out if there's a way to get ObservableSettings that are also encrypted on iOS
r
There currently isn't. Keychain updates aren't natively observable on iOS. Here's a ticket that probably won't move ever unless iOS changes https://github.com/russhwolf/multiplatform-settings/issues/71
s
That's the answer I was afraid of.. Thanks 🙂
m
Out of curiosity, is there a real benefit of using encrypted settings? I would expect the OS to sandbox apps already so that the preferences are not readable by other processes than the app itself. And in the event that an attacker can run as the app process, encrypting the preferences will not help mucH?
s
Encrypted settings are tamper proof and, IIRC, stored on the Secure Enclave (iOS) and Titan-Mx (Android) chips.
Your app can require additional bio-metrics or password interaction to unlock the settings (data) stored on those chips. Eg you can store a Auth-Token in the encrypted settings.
(or the key to decrypt that token)
m
That makes sense I think but I still fail to understand how secure enclaves make it any harder for an attacker compared to rooting the phone and running a modified APK.
Is there some kind of verification chain that can make sure only code signed with my signing key can access the secure enclave? That sounds quite complicated to achieve.
Put it otherwise, is there any evidence of an exploit that would have been prevented by using encrypted settings?
s
There must be 🙂 . Apple and Google advocate to store sensitive data and auth/access-tokens, or at least keys that can de/encrypt those tokens on their secure chips. These chips are an extra layer of security, even on rooted phones, that even physical tampering (eg opening the phone and prying out/on that chip) won't work for the attacker (the chip will basically 'self-destruct' when that is attempted)
m
I take Google advice on security with a grain of salt hence my interrogations here. For physical tampering, I would expect the full disk to be encrypted these days (the famous NSA vs Apple case) so encrypting preferences on an already encrypted disk doesn't protect more against someone spying on the bus or unsoldering the flash memory (I think?).
If anyone has links, I'm happy to write a blog post about this, this is a long time questionning of mine 🙂
s
Those chips are pretty expensive and both Apple and Google thought it was a good idea to include them for the secure keystores. I know a few things about encryption and security, but i'm not an expert 🙂 In this way, I do trust Apple and Google to have a good reason to include them so that apps can use them. I think encrypting these types of things using these security chip is (yet) another layer of security, even if others fails (eg disk has been hacked, rooted, and even the disk decrypted).