Security surrounding the iOS shared NSHTTPCookieStorage
I'm struggling to find exact details on this, so I'm hoping someone here can help. I'm looking for information regarding the underlying storage mechanism of the iOS shared NSHTTPCookieStorage:
- When cookies are stored using the shared NSHTTPCookieStorage, is there any encryption provided by default, such as use of Keychain Services? Or are the cookies stored in plaintext using NSUserDefaults?
- I understand that cookies are stored within the app's sandbox, so other apps do not have access, but is my understanding correct that someone with physical access to the device can access the app's cookies and their values (especially if stored unencrypted)?
If one had to handle sensitive data in cookies but wanted to utilise the default cookie handling/storage (shared NSHTTPCookieStorage) of the NSURLSession APIs, for instance, what would be the best option?
Sorry, I know I've asked 3 separate questions, but any help on this would be appreciated.
Thanks.
I don't know how the cookies are stored, but all application files are encrypted on iOS, with an AES256 key specific to the app. The keys are derived from other keys that come from the "Secure Enclave" within the CPU chip, which releases the keys when the user unlocks the device. (Apple has a pretty comprehensive security white-paper for iOS that describes this in detail.)
For this reason it's quite difficult to access files on iOS, even with physical access, unless you can get the device's passcode and unlock it. Regular cookie storage is secure enough for most purposes.
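A way to check from inside an app what the thread discusses, as an added example that is not part of the question or the answer: it reports the Data Protection class of the files backing the shared cookie store and lists which cookies are persisted to disk and with which flags. The `Library/Cookies` location and the function names are assumptions for illustration.

```swift
import Foundation

/// Data Protection class of each file in the app's cookie directory.
/// Assumption: the shared cookie store persists under <sandbox>/Library/Cookies.
/// Cookies are flushed to disk asynchronously, so the directory may be empty
/// right after the first request.
func cookieStoreProtection() -> [String: String] {
    let fm = FileManager.default
    guard let library = fm.urls(for: .libraryDirectory, in: .userDomainMask).first else {
        return [:]
    }
    let cookieDir = library.appendingPathComponent("Cookies", isDirectory: true)
    let files = (try? fm.contentsOfDirectory(at: cookieDir,
                                             includingPropertiesForKeys: nil)) ?? []
    var report: [String: String] = [:]
    for file in files {
        let attrs = try? fm.attributesOfItem(atPath: file.path)
        let protection = attrs?[.protectionKey] as? FileProtectionType
        report[file.lastPathComponent] = protection?.rawValue ?? "none reported"
    }
    return report
}

/// One line per cookie in the shared store: whether it is written to disk
/// (non-session cookies are) and whether Secure / HttpOnly are set.
func cookieAudit() -> [String] {
    let cookies = HTTPCookieStorage.shared.cookies ?? []
    return cookies.map { c in
        let persisted = c.isSessionOnly ? "memory-only" : "persisted"
        let secure = c.isSecure ? "Secure" : "NOT Secure"
        let httpOnly = c.isHTTPOnly ? "HttpOnly" : "NOT HttpOnly"
        return "\(c.domain) \(c.name): \(persisted), \(secure), \(httpOnly)"
    }
}

// Call after the app has made at least one authenticated request.
func printCookieSecurityReport() {
    for (file, protection) in cookieStoreProtection() {
        print("cookie file \(file): \(protection)")
    }
    cookieAudit().forEach { print($0) }
}
```

Run it on a device rather than the simulator, since the simulator does not apply Data Protection to files.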