Each time application security is ensured, it turns out that many people are not aware of this. For example, iOS takes a screenshot of the visible screen every time our application enters the background, and it is stored in local storage.
This is what I want to get rid of. I am developing an application that makes online financial transactions, and I want my application to be very powerful in terms of security. Here is the path where the screenshot is stored when my application enters the background.
Path: /private/var/mobile/Applications/15980ADD-B269-4EBE-9F52-B6275AFB195A/Library/Caches/Snapshots/com.ABC.myAppName/screenshotName.PNG
This is a stored image that looks very critical:

An even more critical scenario will be that the user enters their credit / debit card number, including CVV2 number and other important information, and can forcefully close the application for a while.
I did a little search on this subject, and I found out that in order for an attacker to be able to use this attack, he has two ways to access this:
1. An attacker needs physical access to the device in order to jailbreak it.
2. They must be on the same network as the user who has the jailbroken device, and try to access the device remotely.
What could I do to avoid this? Is there any solution that allows an attacker to access confidential information in this way?
In addition, I got advice to include a blank screenshot or to remove a screenshot for the application when the application is conceived. But I do not know what to choose and how to do it. Is there any other alternative?
The answer and suggestion of this question will surely help me. Appreciate your advice.
Thanks in advance!
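The blank-screen approach mentioned in the question, as an added example that is not part of the original post: cover the window with an opaque view before iOS captures the snapshot, so the cached PNG contains no card data. It assumes a UIKit app whose window is owned by the app delegate (no scene delegate); `PrivacyShield` is a hypothetical helper name.

```swift
import UIKit

// Added example (not from the original post). PrivacyShield is a hypothetical helper.
final class PrivacyShield {
    private var cover: UIView?

    // Put an opaque view over everything in the window, including presented modals.
    func show(over window: UIWindow?) {
        guard let window = window, cover == nil else { return }
        let view = UIView(frame: window.bounds)
        view.backgroundColor = .white
        view.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        // Dismiss the keyboard: it lives in its own window and is not covered by this view.
        window.endEditing(true)
        window.addSubview(view)
        cover = view
    }

    func hide() {
        cover?.removeFromSuperview()
        cover = nil
    }
}

@main
final class AppDelegate: UIResponder, UIApplicationDelegate {
    var window: UIWindow?   // assumption: set up by a storyboard or in didFinishLaunching
    private let shield = PrivacyShield()

    // Fires when the app switcher opens, a call arrives, or the user presses Home.
    func applicationWillResignActive(_ application: UIApplication) {
        shield.show(over: window)
    }

    // iOS takes the snapshot after this method returns, so the cover must be in place by now.
    func applicationDidEnterBackground(_ application: UIApplication) {
        shield.show(over: window)
    }

    func applicationDidBecomeActive(_ application: UIApplication) {
        shield.hide()
    }
}
```

To check the result on a test device, background the app on a screen with card fields filled in and inspect the PNG under `Library/Caches/Snapshots`; it should show only the blank cover.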