Mobile TOTALData Encryption Exceptions and Comments

Appdome offers TOTALData™ Encryption as part of the Appdome Mobile Security Suite. TOTALData™ Encryption can be found under Appdome Security Suite.

With mobile TOTALData™ Encryption enabled, all stored data generated by the app is encrypted at runtime using industry-standard AES-256 encryption. With Appdome, encryption is accomplished dynamically, without any dependencies on the data structure, databases or file structures.

TOTALData™ Encryption covers all types of files (text, office, PDF, etc.), databases (SQLite, Oracle, Realm, etc.), cached information, preferences, XML data and all other data generated by the application as part of its life cycle.

In addition, with TOTALCode™ Obfuscation, Appdome allows you to obfuscate the files that are bundled with the application at packaging time which is essential to the application installation process. TOTALCode™ Obfuscation can be found under ONEShield™ by Appdome.

The data encryption exceptions and comments are listed below:

| File Type/Path/Extension | Relevant OS | Exceptions and Comments |
| --- | --- | --- |
| Media files: *.jpg, *.jpeg, *.png, *.gif, *.wav, *.mp2, *.mp3, *.ogg, *.aac, *.mpg, *.mpeg, *.mid, *.midi, *.smf, *.jet, *.rtttl, *.imy, *.xmf, *.mp4, *.m4a, *.m4v, *.3gp, *.3gpp, *.3g2, *.3gpp2, *.amr, *.awb, *.wma, *.wmv, *.webm | iOS & Android | Encrypted by default. Can be encrypted while using external media player components by enabling Smart Media Sharing. |
| Web files. Fonts: *.woff, *.woff2, *.eot, *.otf, *.ttf. Images: *.jpeg, *.jpg, *.svg, *.webp, *.gif, *.png, *.bmp. Pages: *.html, *.htm, *.asp, *.aspx, *.php, *.php?. Resources: *.css, *.js, *.json, *.jsp, *.jsf | iOS & Android | Encrypted by default. These files can be excluded to improve performance for apps heavily dependent on internal web content. |
| Plist files under /Library/Preferences | iOS | Plist files under /Library/Preferences are accessed both by the OS and by the application. Appdome encrypts the key/value pairs that are not required by the OS. Publicly available key/value pairs are not encrypted (as required by Apple). All other key/value pairs, including those programmatically generated by the developer, are always encrypted. |
| Snapshots taken by the OS to facilitate application switching | iOS | Appdome provides the ability to blur the snapshots taken by the OS. These files cannot be encrypted (as required by Apple). |
| Photos | iOS | Photos stored to the camera roll (shared storage) are not encrypted in order to facilitate normal device/application picture sharing behavior (required by Apple). |
| Cache.DB | iOS | Contains metadata for browsing info and is managed by the OS. This file is not encrypted (required by Apple). |
| com.apple.opengl/, com.android.opengl.shaders_cache/ | iOS & Android | These files contain intermediate shader info, are managed by the OS, and are not encrypted (required by Apple and Android). |
| Plist files under /Library/SyncedPreferences/ | iOS | These files are used by iCloud to sync its state (not data), and are not encrypted (required by Apple). |
| *.pflock | iOS | These files are used by the OS to obtain database locks (no data), and are not encrypted (required by Apple). |
| Keychain | iOS | By design, items stored in the Keychain are encrypted by Apple. You can use AppdomeSSO+ to encrypt authentication-related Keychain entries on top of the Apple encryption mechanism. |
| Keystore | Android | By design, items saved in the Android Keystore are managed and encrypted by the Android OS (required by Android). |
| External download managers | Android | Applications leveraging external download managers, which download content outside of the application's control, may generate non-encrypted files. Appdome can obfuscate those files as part of Secure Download. |
| WKWebView files: /WebKit/NetworkCache/ | iOS & Android | These files are generated by an external WebView or WebKit component (not part of the application), and contain non-sensitive cached data such as public cookies and HTML files. Appdome recommends, as a common practice, avoiding cached information where possible. |
| app_webview/*, org.chromium.android_webview/*, com.google.android.webview/* | Android | Applications utilizing Chrome's app_webview interface may generate non-sensitive data in the form of cookies, which is left in clear text for Chrome to function properly (required by Android). |
| SQLite webdatabase cache files | Android | Applications utilizing Chrome's web database interface may generate non-sensitive cache data, which is left in clear text for Chrome to function properly (required by Android). |
| *.dex, *.jar, *.apk, *.so | Android | Android requires executables and extensions of the application code and libraries to be accessible in clear text form. Appdome can obfuscate those files as part of TOTALCode™ Obfuscation. |
| /libcrypto.*, /libssl.* | iOS & Android | These files and dynamic libraries are loaded and managed by the OS, and must be in clear text form (required by Android). Appdome can obfuscate those files as part of TOTALCode™ Obfuscation. |
| /com.apple.metal/*, /var/mobile/Library/Caches/*, /com.apple.keyboards/* | iOS | These files and dynamic libraries are loaded and managed by the OS, and must be in clear text form (required by Android). |
| /com.crashlytics.data/*, /.Fabric/com.crashlytics.sdk.android.crashlytics-core/* | iOS & Android | These files are used by the Crashlytics framework and must be saved in clear text form for Crashlytics reports to be sent correctly. |
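
One way to check a sandbox copy pulled from a test build against the table above, as an added example (not Appdome code): files matching a clear-text row are reported as expected, and anything else that does not look like ciphertext is flagged for review. The glob list covers only the rows that name a path or extension and are left in clear text; the function names, the 1024-byte minimum and the 7.5 bits/byte cutoff are assumptions, and high entropy is only a heuristic because compressed data scores high as well.

```python
import math
from collections import Counter
from fnmatch import fnmatchcase
from pathlib import Path

# Rows the table lists as left in clear text, written as lowercase globs.
EXPECTED_CLEAR = [
    "*/cache.db", "*.pflock", "*/library/syncedpreferences/*.plist",
    "*/com.apple.opengl/*", "*/com.android.opengl.shaders_cache/*",
    "*/webkit/networkcache/*", "*/app_webview/*",
    "*/org.chromium.android_webview/*", "*/com.google.android.webview/*",
    "*.dex", "*.jar", "*.apk", "*.so", "*/libcrypto.*", "*/libssl.*",
    "*/com.apple.metal/*", "*/com.apple.keyboards/*", "*/com.crashlytics.data/*",
    "*/.fabric/com.crashlytics.sdk.android.crashlytics-core/*",
]
MIN_BYTES = 1024       # assumption: entropy of smaller samples is unreliable
ENTROPY_CUTOFF = 7.5   # assumption: bits per byte; ciphertext sits close to 8.0


def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(rel_path: str, data: bytes) -> str:
    """Return expected-clear, too-small, looks-encrypted or review."""
    path = "/" + rel_path.replace("\\", "/").lstrip("/").lower()
    if any(fnmatchcase(path, pattern) for pattern in EXPECTED_CLEAR):
        return "expected-clear"
    if len(data) < MIN_BYTES:
        return "too-small"
    return "looks-encrypted" if entropy(data) >= ENTROPY_CUTOFF else "review"


def audit(root: str) -> dict:
    """Classify every file under a local copy of the app's data directory."""
    base = Path(root)
    report = {}
    for path in sorted(base.rglob("*")):
        if path.is_file():
            rel = path.relative_to(base).as_posix()
            report[rel] = classify(rel, path.read_bytes()[:65536])
    return report


if __name__ == "__main__":
    # Constructed samples, not real app data.
    print(classify("Library/Caches/com.example.app/Cache.db", b"SQLite format 3\x00" * 100))
    print(classify("Documents/notes.txt", b"meeting notes " * 200))
    print(classify("Documents/report.pdf", bytes(range(256)) * 8))
```

A "review" result means the file is readable on disk and is not covered by a listed exception, so it is the entry to investigate first.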

How Do I Learn More?

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

Request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.


Liron Dror
