iTunes UI File Sharing Enabled

iTunes UI File Sharing Enabled

Risk: low

Description

When file sharing is enabled, UIFileSharingEnabled is set to true, and the entire Documents folder is used for file sharing.

Files not intended for user access via the file sharing feature should be stored in another part of the application's bundle. An attacker can use physical access to the iOS device to gain access to them by abusing the file sharing feature in the application.

Recommendation

Make sure files containing sensitive information are not copied to the Documents directory. If your app does not need this functionality, set the UIFileSharingEnabled flag in the Info.plist file to false or delete the option.

Links

• Common Weakness Enumeration CWE-359
• Apple Developer documentation

Standards

• OWASP_MASVS_L1:
  • MSTG_STORAGE_6
• OWASP_MASVS_L2:
  • MSTG_STORAGE_6
• PCI_STANDARDS:
  • REQ_2_2
  • REQ_3_5
  • REQ_6_2