Excluding Files, File Types, Media from Android & iOS Encryption

Appdome offers TOTALData™ Encryption as part of the Appdome Mobile Security Suite. TOTALData™ Encryption can be found under Appdome Security Suite. With mobile TOTALData™ Encryption enabled, all stored data generated by the app is encrypted at runtime using industry-standard AES 256 cryptographic protocols. With Appdome, encryption is accomplished dynamically, without any dependencies on the data structure, databases or file structures. TOTALData™ Encryption covers all types of files (text, office, PDF etc.), databases (SQLite, Oracle, Realm etc.), cached information, preferences, XML data and all other data generated by the application as part of its life-cycle. There may be situations that call for excluding files, file types, or media from Android & iOS encryption.

This knowledge base article reviews all the possible exceptions and exclusions available in TOTALData Encryption.

In addition to encrypting all data in the app, with TOTALCode™ Obfuscation, Appdome allows you to obfuscate the files that are bundled with the application at packaging time which is essential to the application installation process.

Easy Steps to Excluding Files, File Types, Media from Android & iOS Encryption

Here is the list of all the files that can be excluded from Android and iOS encryption.

| File Type/Path/Extension | Relevant OS | Exceptions and Comments |
|---|---|---|
| Media files: *.jpg, *.jpeg, *.png, *.gif, *.wav, *.mp2, *.mp3, *.ogg, *.aac, *.mpg, *.mpeg, *.mid, *.midi, *.smf, *.jet, *.rtttl, *.imy, *.xmf, *.mp4, *.m4a, *.m4v, *.3gp, *.3gpp, *.3g2, *.3gpp2, *.amr, *.awb, *.wma, *.wmv, *.webm | iOS & Android | Encrypted by default. Can be encrypted while using external media player components by enabling Smart Media Sharing. |
| Web files. Fonts: *.woff, *.woff2, *.eot, *.otf, *.ttf. Images: *.jpeg, *.jpg, *.svg, *.webp, *.gif, *.png, *.bmp. Pages: *.html, *.htm, *.asp, *.aspx, *.php, *.php?. Resources: *.css, *.js, *.json, *.jsp, *.jsf | iOS & Android | Encrypted by default. These files can be excluded to improve performance for apps heavily dependent on internal web content. |
| Plist files under /Library/Preferences | iOS | Plist files under /Library/Preferences are accessed both by the OS and by the application. Appdome encrypts the key/value pairs that are not required by the OS. Publicly available key/value pairs are not encrypted (as required by Apple). All other key/value pairs, including those programmatically generated by the developer, are always encrypted. |
| Snapshots taken by the OS to facilitate application switching | iOS | Appdome provides the ability to blur the snapshots taken by the OS. These files cannot be encrypted (as required by Apple). |
| Photos | iOS | Photos stored to the camera roll (shared storage) are not encrypted in order to facilitate normal device/application picture sharing behavior (required by Apple). |
| Cache.DB | iOS | Contains metadata for browsing info and is managed by the OS. This file is not encrypted (required by Apple). |
| com.apple.opengl/, com.android.opengl.shaders_cache/ | iOS & Android | These files contain intermediate shader info and are managed by the OS, and are not encrypted (required by Apple and Android). |
| Plist files under /Library/SyncedPreferences/ | iOS | These files are used by iCloud to sync its state (not data), and are not encrypted (required by Apple). |
| *.pflock | iOS | These files are used by the OS to obtain database locks (no data), and are not encrypted (required by Apple). |
| Keychain | iOS | By design, items stored in the Keychain are encrypted by Apple. You can use AppdomeSSO+ to encrypt authentication-related Keychain entries on top of the Apple encryption mechanism. |
| Keystore | Android | By design, items saved in the Android Keystore are managed and encrypted by the Android OS (required by Android). |
| External download managers | Android | Applications leveraging external download managers, which download content outside of the application's control, may generate non-encrypted files. Appdome can obfuscate those files as part of Secure Download. |
| WKWebView files: /WebKit/NetworkCache/ | iOS & Android | These files are generated by an external WebView or WebKit component (not part of the application), and contain non-sensitive cached data such as public cookies and HTML files. Appdome recommends, as a common practice, avoiding cached information where possible. |
| app_webview/*, org.chromium.android_webview/*, com.google.android.webview/* | Android | Applications utilizing Chrome's app_webview interface may generate non-sensitive data in the form of cookies, which must be left in clear text for Chrome to function properly (required by Android). |
| SQLite webdatabase cache files | Android | Applications utilizing Chrome's web database interface may generate non-sensitive cache data, which must be left in clear text for Chrome to function properly (required by Android). |
| *.dex, *.jar, *.apk, *.so | Android | Android requires executables and extensions of the application code and libraries to be accessible in clear-text form. Appdome can obfuscate those files as part of TOTALCode™ Obfuscation. |
| /libcrypto.*, /libssl.* | iOS & Android | These files and dynamic libraries are loaded and managed by the OS, and must be in clear-text form (required by Android). Appdome can obfuscate those files as part of TOTALCode™ Obfuscation. |
| /com.apple.metal/*, /var/mobile/Library/Caches/*, /com.apple.keyboards/* | iOS | These files and dynamic libraries are loaded and managed by the OS, and must be in clear-text form (required by Android). |
| /com.crashlytics.data/*, /.Fabric/com.crashlytics.sdk.android.crashlytics-core/* | iOS & Android | These files are used by the Crashlytics framework and must be saved in clear-text form for Crashlytics reports to be sent correctly. |
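
One way to check a protected build against the table above, as an added example (not Appdome code): classify files copied from a test device's app sandbox as expected clear text, plausibly encrypted, or readable data outside the exclusion list. The function names, the entropy cut-off and the sample paths are assumptions; the globs cover only the table's file-system rows.

```python
import hashlib
import math
from collections import Counter
from fnmatch import fnmatchcase

# Clear-text locations from the table, lowercased; /Library/Preferences (partly encrypted) is left out.
CLEAR_BY_DESIGN = [
    "*/com.apple.opengl/*", "*/com.android.opengl.shaders_cache/*", "*.pflock",
    "*/library/syncedpreferences/*", "*/cache.db", "*/webkit/networkcache/*",
    "*/app_webview/*", "*/org.chromium.android_webview/*",
    "*/com.google.android.webview/*", "*.dex", "*.jar", "*.apk", "*.so",
    "*/libcrypto.*", "*/libssl.*", "*/com.apple.metal/*", "*/com.apple.keyboards/*",
    "*/com.crashlytics.data/*", "*/.fabric/com.crashlytics.sdk.android*",
]
ENTROPY_FLOOR = 7.0  # bits per byte; assumed cut-off, tune on your own samples


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: str, head: bytes) -> str:
    """Label one file from a test-device sandbox copy by path and leading bytes."""
    p = "/" + path.lower().lstrip("/")
    if any(fnmatchcase(p, pat) for pat in CLEAR_BY_DESIGN):
        return "excluded"    # clear text is expected per the table
    if entropy(head) >= ENTROPY_FLOOR:
        return "encrypted?"  # consistent with ciphertext, not proof of it
    return "FINDING"         # readable data outside the exclusion list


def audit(files: dict) -> dict:
    return {path: classify(path, head) for path, head in files.items()}


# Constructed sample input: relative path -> leading bytes of the file.
_RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE = {
    "Library/Caches/com.example.app/Cache.db": b"SQLite format 3\x00" * 64,
    "app_webview/Cookies": b"SQLite format 3\x00" * 64,
    "Documents/notes.txt": _RANDOM_LIKE,
    "shared_prefs/session.xml": b"<map><string name='t'>abc</string></map>" * 20,
}
for _path, _verdict in audit(SAMPLE).items():
    print(f"{_verdict:10} {_path}")
```

Compressed media also scores high on entropy, so only the low-entropy verdict is conclusive; review "encrypted?" entries by file type.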

How Do I Learn More?

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

Request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Liron Dror
