What is the iOS way to provide a secure popup and store the user's agree/disagree response to some message in the secure enclave of the CPU chip? So even if you have a jailbroken phone, the user response is secure, only CPU and RAM are involved and the user response is securely stored?
iOS: Safe & secure user response on a jailbroken phone?
99 Views Asked by kurll At
1
There are 1 best solutions below
Related Questions in IOS
- URLSession requesting JSON array from server not working
- Incorrect display of LinearGradientBrush in IOS
- Module not found when building flutter app for IOS
- How to share metadata of an audio url file to a WhatsApp conversation with friends
- Occasional crash at NSURLSessionDataTask dataTaskWithRequest:completionHandler:
- Expo Deep linking on iOS is not working (because of Google sign-in?)
- On iOS, the keyboard does not offer a 6-character SMS code
- Hi, there is an error happened when I build my flutter app, after I'm installing firebase packages occurs that error
- The copy/paste functionalities don't work only on iOS in the Flutter app
- Hide LiveActivityIntent Button from Shortcuts App
- While Running Github Actions Pipeline: No Signing Certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID
- Actionable notification api call not working in background
- Accessibility : Full keyboard access with scroll view in swiftui
- There is a problem with the request entity - You are not allowed to create 'iOS' profile with App ID 'XXXX'
- I am getting "binding has not yet been initialized" error when trying to connect firebase with flutter
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in JAILBREAK
- How do I access an iOS app's SQLite database?
- Auto-start KOReader on startup of my jailbroken Kindle Voyage
- Why does this code deadlock on ios 15 and up?
- How can I hook Springboard and all apps to listen for a physical button press?
- jail-monkey isJailBroken() method returns false for Android emulator after React-Native upgrade
- auto resize cell heights
- Phone tricks and hidden layouts
- Find vmaddr_slide of main app binary externally (Apple iOS)
- iOS Configure: error: C compiler cannot create executables
- How does Firebase AppCheck in Flutter handle device integrity checks (e.g., rooted/jailbroken devices)?
- Jailbroken iOS: How to execute shell commands from app extensions?
- Which method is responsible for taking screenshots in Darwin OS?
- Will android root detection techniques work the same for rooted Oculus devices?
- How to read the content of a text file in an iOS tweak
- Debugging logos tweak on WKWebView
Related Questions in CONFIRMATION
- mat dialog is not opening properly if i click on any key then only it is opening
- I can't Create a account in UVA Online Judge
- How to set up separate confirmation email and website url for same mailchimp form when the form is submitted from different websites
- Using confirmation prompt with cl_salv_table
- Bypassing the "confirmation" page before redirecting back to webshop
- Delete event for custom stamps in pdftron
- Click delete -> change bg color -> click again to delete
- How do I remove-items in a folder without the confirm box popping up?
- Ruby - devise : confirmations_controller stop registrations_controller
- How to create a pop-up confirmation message button href in Flask Jinja
- Powershell, pass an answer to a script that requires a choice
- Checkout and buy confirmation with Snipcart and Strapi
- CAN frames "package length" identifier
- Changing Roles in WooC based on Order Status
- How to make a confirmation page in Javascript with a user's inputs from HTML
Related Questions in ENCLAVE
- Can Process B (with eid) Interact with an Enclave after Process A Has Established a Connection?
- I run Scone in Hardware Mode but occured a problem(Enclave terminated due to signal: Illegal instruction)
- Running nitro enclaves and on Amazon EKS and getting Insufficient hugepages-2Mi on pods
- How to solve SGX Exception 4012?
- 'failed to load enclave' in hardware mode with Intel SGX
- SGX enclave debugging
- How to create Enclave using Intel SGX SDK on LINUX
- How to decrypt the CiphertextForRecipient using the private key in the enclave?
- Apple secure enclave with RFC6979
- SQL Server Always Encrypted w/ Secure Enclave - Key Management Strategy
- Porting LUA to SGX application
- AWS Nitro Enclave Socket Connection to Database
- Integration of Intel SGX and MYsql server
- Run arbitrary app in a secure enclave (SGX)
- How to prove the data are generated or calculated by TEE (e.g., Intel SGX)?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The screen contents and touch sensor are completely controlled by the application processor. Any attacker in control of those will be able to intercept and change anything displayed on the screen and received by the touch sensor. Note though that this is the case regardless of whether the device is jailbroken or not.
The only thing actually out of reach of the application processor input-wise would be TouchID/FaceID - you could ask for confirmation that way, but then you have the problem of handling it in your application. If your communication endpoints are SEP <--> your server, then you could have an RSA private key stored in SEP and have the server send a nonce that is to be signed. But if communication is SEP <--> your app, an attacker can just inject into your app and make it think it received what it wanted to see.