How can an app prove that it is, in fact, encrypting data?

Apps like Password Managers and such claim to encrypt your sensitive data, and only transmit and store your data on their servers in encrypted form, never in plain text. But how are we supposed to believe that? Just take their word for it? Who's to say that their developers won't accidentally (or intentionally!) make a mistake in their code at some point and get to see your sensitive data?

I am asking because I am currently writing an app using the Swift-Crypto package to do AES encryption. I save the user's data in encrypted form in Core Data on the device as well as mirror it on their iCloud account using CloudKit. When I submit the app to Apple for review, without looking at the source code, will they be able to verify 100% that my app actually and correctly encrypts all the data so that users can confidently trust that their data will be safe? How can we be sure?

Replies

How can an app prove that it is, in fact, encrypting data?

It can’t. Even if the developer could mathematically prove that their code encrypts correctly, such a proof would depend on the underlying platform being proved secure and Apple offers no such proofs for our platforms.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Proving a negative is... difficult.

There are myriad ways to go wrong with data encryption.

One common mistake is using encryption for certain data, where a cryptographic hash would be more appropriate.

Claiming data security can involve open-sourcing at least some of the storage-related details if not the related code (and also allowing reverse-engineering for the related area), or can involve the performance of an outside audit. Even then, it's still exceedingly difficult to prove that no backdoors exist, and that critical members of technical staff are not themselves compromised.

It's also seldom a vulnerability in the encryption itself that's targeted—AES and TLS and Argon2 are decently secure—it's usually something around the encryption or key management that's targeted. Or the people.

Upgrading to newer encryption or newer hashes tends to be an interesting discussion for developers too, and one that some apps are ill-prepared for.

With third-party password managers, arguably the biggest problems folks have had have involved apps that vaporized.
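One concrete way to prepare for the "upgrading to newer encryption" problem raised above, in the asker's Swift-Crypto setup: prefix each stored record with a version byte and bind it into the AES-GCM authenticated data, so the app can add a new scheme later and a downgraded or tampered record fails to decrypt instead of being silently accepted. This is an added example, not code from the thread or from Swift-Crypto; the envelope layout and the `Envelope` type are constructed for illustration.

```swift
import Foundation
import Crypto   // Swift-Crypto; on Apple platforms `import CryptoKit` exposes the same API

// Constructed envelope layout: [1 version byte][AES-GCM combined blob: nonce + ciphertext + tag]
enum Envelope {
    static let versionAESGCM: UInt8 = 1      // bump when a new scheme is introduced

    struct FormatError: Error {}

    // Seal a record; the version byte is authenticated (AAD) so it cannot be altered unnoticed.
    static func seal(_ plaintext: Data, using key: SymmetricKey) throws -> Data {
        let version = Data([versionAESGCM])
        let box = try AES.GCM.seal(plaintext, using: key, authenticating: version)
        guard let combined = box.combined else { throw FormatError() }
        return version + combined
    }

    // Open a record by dispatching on its version; unknown versions are refused, not guessed.
    static func open(_ envelope: Data, using key: SymmetricKey) throws -> Data {
        guard let version = envelope.first else { throw FormatError() }
        switch version {
        case versionAESGCM:
            let box = try AES.GCM.SealedBox(combined: envelope.dropFirst())
            return try AES.GCM.open(box, using: key, authenticating: Data([version]))
        default:
            throw FormatError()
        }
    }
}

// Demonstration with a constructed key and a constructed record
let key = SymmetricKey(size: .bits256)
let record = Data("site=example.test; password=correct horse".utf8)
let sealed = try Envelope.seal(record, using: key)
assert(try Envelope.open(sealed, using: key) == record)

// Flipping any ciphertext/nonce byte makes the GCM tag check fail: open() throws instead of returning garbage
var tampered = sealed
tampered[5] ^= 0x01
assert((try? Envelope.open(tampered, using: key)) == nil)

// Changing the version byte is also caught: it is part of the authenticated data (and unknown versions are refused)
var downgraded = sealed
downgraded[0] = 0
assert((try? Envelope.open(downgraded, using: key)) == nil)
```

Migrating to a new scheme then means adding a `case` for the new version in `open` and re-sealing old records under it, rather than reinterpreting existing blobs.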