How safe is the shared container for an App Group?

In order for data (contained within a number of our created apps) such as user IDs, email addresses and user specific text strings to be shared between apps, we are considering saving this data to the shared container's NSUserDefaults using an app group.


We would like to ask you the following question:

How safe is the shared container for an App Group from a security perspective?

We searched for an official Apple document, however, we were unable to find material stating clearly the safety of an app group's shared container.


Below is what material we found through our investigation.


- https://developer.apple.com/library/prerelease/ios/documentation/General/Conceptual/WatchKitProgrammingGuide/DesigningaWatchKitApp.html#//apple_ref/doc/uid/TP40014969-CH3-SW1


 Overview > WatchKit App Architecture > Sharing Data with Your Containing iOS App

 "An app group is a secure container that multiple processes can access."


- https://www.apple.com/business/docs/iOS_Security_Guide.pdf


If there is any other information (aside from the above) related to the safety of an app group's shared container, could you let us know?

Specifically, it would greatly help us to know whether, compared to a keychain, it has the same amount of security.


Furthermore, though we are aware that keychain sharing exists as a security method aside from an app group, since with our apps "Provisioning Profile" is different for each app, we are unable to use this method. Thus, we are considering data linking through an App Group instead.

What sort of safety do you care about? Safety from malicious access? Safety from data loss?

And if it's the former, what sort of malicious access do you care about? Specifically, are you trying to protect data from threats to the user? Or keep data from the user themselves?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

The security around the group container is the same as the security around a regular container, with the difference that it can be accessed from any process signed with the appropriate AppGroup ID. You can use Data Protection and store your content in Class A if you want to make it only available when the device is unlocked.
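
As an added illustration of the Class A suggestion above (not code from any poster in this thread), this Swift sketch writes a file into the group container with complete file protection and reads the protection class back to confirm it. The group identifier `group.com.example.shared` and the names `writeProtected`, `readProtected` and `SharedStoreError` are hypothetical.

```swift
import Foundation

// Hypothetical App Group identifier; use the one listed in your entitlements.
let appGroupID = "group.com.example.shared"

enum SharedStoreError: Error {
    case containerUnavailable           // entitlement missing or wrong group ID
    case notClassA(FileProtectionType?) // file ended up in a weaker class
}

/// Resolves a file URL inside the shared group container.
func groupFileURL(_ name: String) throws -> URL {
    guard let container = FileManager.default
        .containerURL(forSecurityApplicationGroupIdentifier: appGroupID) else {
        throw SharedStoreError.containerUnavailable
    }
    return container.appendingPathComponent(name)
}

/// Writes `data` under Data Protection Class A (NSFileProtectionComplete)
/// and verifies the class the file actually received.
func writeProtected(_ data: Data, named name: String) throws -> URL {
    let url = try groupFileURL(name)

    // .completeFileProtection = Class A: unreadable while the device is locked.
    try data.write(to: url, options: [.atomic, .completeFileProtection])

    // Read the attribute back instead of assuming the option took effect.
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    let level = attrs[.protectionKey] as? FileProtectionType
    guard level == .complete else {
        throw SharedStoreError.notClassA(level)
    }
    return url
}

/// Reads the file back. Returns nil if the read fails, which for a Class A
/// file includes the case where the device is currently locked.
func readProtected(named name: String) -> Data? {
    guard let url = try? groupFileURL(name) else { return nil }
    return try? Data(contentsOf: url)
}
```

Run this on a device with a passcode set; Data Protection is not enforced in the Simulator. Every app and extension that carries the same App Group entitlement can read the file while the device is unlocked.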

Thank you for your response.


Our concern is with the safety from malicious access.

First, we are concerned as to whether a user's data, without their intent, can be stolen by someone with malicious intent or other apps.

And second, whether a device owner with ill intent can use a fraudulent app to extract data.


Then it's what POM said. From a security perspective the only difference between a group container and your app's standard container is that multiple apps from the same team can access the group container. So, as long as you trust yourself (-: the group container raises no additional security concerns.

Actually, the above is a little too glib. The attack surface of your app's standard container is just your app. The attack surface of a group container is all apps that you ship that can access that container. That's likely to be larger, and thus there is a difference in the security.

Whether that's a significant difference is something for you to decide.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for your reply.

We were able to gain a better understanding about the differences between the [Group] and [Standard] containers.

We'd like to ask you one more question about the [Group Container]. How do you differentiate the [Group Container] from [Keychain Sharing] for usage?


We believe the following points apply to both:

- The same data is accessible from multiple apps that meet specific conditions

- Attack surface isn't just one app but multiple apps that meet specific conditions


Could you tell us how to differentiate the [Group Container] from [Keychain Sharing] for usage?

I'm not sure I fully understand your question but I believe that the following will help: A keychain group is to the standard keychain as an app group container is to the standard app container.

That is, the only difference between group vs standard, security-wise, is that multiple apps from your team have access to the group.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"