Insecure storage in SQLite database

As we already studied, an iOS application interacts with the local system to store persistent or temporary data, and SQLite is the most preferred format for storing persistent data.

Unless you are using an encrypted variant of SQLite, the data stored in a plain SQLite file is not secure. An attacker with access to the SQLite file can view its contents using any SQLite client.

Let's follow the given steps to find insecure storage in SQLite files:
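The following check is an added example, not code from the book or from iGoat: it audits a copy of your own app's data directory for SQLite files that open without a key and lists columns whose names suggest sensitive data. The directory layout, file names and the column-name hints are constructed assumptions.

```python
import os
import re
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite file
SENSITIVE = re.compile(r"pass|pwd|secret|token|user|card|pin", re.I)  # assumed name hints

def is_plaintext_sqlite(path):
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC

def audit_container(root):
    """Map each plaintext SQLite file under root to sensitive-looking (table, column) pairs."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_plaintext_sqlite(path):
                continue  # not SQLite, or encrypted at the file level
            hits = []
            con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)  # read-only open
            try:
                tables = [r[0] for r in con.execute(
                    "SELECT name FROM sqlite_master WHERE type='table'")]
                for table in tables:
                    for col in con.execute(f'PRAGMA table_info("{table}")'):
                        if SENSITIVE.search(col[1]):  # col[1] is the column name
                            hits.append((table, col[1]))
            finally:
                con.close()
            findings[path] = hits
    return findings

def build_sample(root):
    """Constructed sample data: one plain SQLite file and one opaque file."""
    db = os.path.join(root, "Documents", "credentials.sqlite")
    os.makedirs(os.path.dirname(db))
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE creds (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.commit()
    con.close()
    with open(os.path.join(root, "Documents", "opaque.db"), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for a file-level encrypted database
    return db

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_container(tmp))
```

Any file this reports is readable by whoever obtains it; moving the data to an encrypted SQLite variant or out of the database removes it from the report.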

  1. Start the Insecure Local Storage exercise from iGoat and it will look as follows:
    [Figure: Insecure storage in SQLite database]
  2. Enter the credentials and select the Login option:
  3. Download application files from /var/mobile/Containers/Data/Application ...