
I'm wanting to use CloudKit public storage to power a messaging app. All messages would be stored on the public storage, with the sender and recipient Users as relationships, that way someone using my app can fetch all messages where they are the sender or recipient.

My concern is that those messages might be able to be read by others. I'm not sure if/how the database itself could be accessed from outside of my app, but if it could then someone would be able to see and read all those messages.

Under Security Roles for a Message, it's set to:

World: Read

Authenticated: Read, Create

Creator: Read, Create, Write

Meaning someone who is authenticated and created an object (a Message) can edit or delete it, a person authenticated can create new messages, and anyone can read messages.

I'm wondering if this "World" access is what opens me up to vulnerabilities, and perhaps setting only Authenticated and Creator as Read privilege would stop people from being able to access my data.

Andrew

1 Answer


A public container is only accessible by applications that are developed with the same developer account. Access is enforced by the certificates that also sign your app. Your data will not be less secure than when you use any other system for the storage. You are in control of what can be done with the data. The queries and update methods in your app are what controls the security.

If you want a quick start, then have a look at https://github.com/evermeer/EVCloudKitDao

Edwin Vermeer
  • I just want to be sure somebody else couldn't pretend to be my authorized app, or somehow add in their own calls to be run from inside the app, which would expose that data. – Andrew Dec 13 '15 at 13:31
  • I think in theory someone could jailbreak their iPhone, install your app and inject code. Then he still needs to be signed in with an iCloud account and all actions are still limited to the rights that you have set up. The default is that you can only update records that you also created. But that would almost be the same as someone logging in to a website and trying to script updates to the system. Then just add jailbreak detection to your app: https://cocoapods.org/?q=jailbreak – Edwin Vermeer Dec 13 '15 at 13:43
  • But then they'd be able to read all messages, if they added a call to just get everything that's a message? There doesn't seem to be a permission to allow anyone who's linked to as a recipient, for example. – Andrew Dec 13 '15 at 14:51
  • @EdwinVermeer--Since CloudKit doesn't allow field-level security, you must give Write access to an entire RecordType if you want any user to be able to write to one specific field. However, if you don't want them writing to the rest of the fields, the only protection is the app's logic. Do you know if that's sufficient security for the rest of the fields? The obvious solution would be to split that one field into a separate table, but in my case that won't work because I use that field and others in sort indexes. (I wish CloudKit would allow joining tables like a relational database!) – James Toomey Oct 05 '18 at 15:31
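The point the comments circle around is that CloudKit security roles are evaluated per record type, with only World, Authenticated and Creator as roles, so there is no way to express "only the sender or recipient may read this Message". The following is an added illustration (not CloudKit's API and not code from the thread) that models those role semantics and checks, for the asker's configuration and the tightened one without World access, who can read a message; the user names are constructed.

```python
# Added illustration (not CloudKit's own API): a minimal model of CloudKit
# public-database security roles as described in the thread, used to check
# which principals can read or modify a Message record under a given setup.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set

Permissions = FrozenSet[str]  # subset of {"read", "create", "write"}

@dataclass(frozen=True)
class Record:
    record_type: str
    creator: str      # iCloud user record name that created it (constructed)
    sender: str
    recipient: str

@dataclass(frozen=True)
class Principal:
    user: Optional[str]   # None = not signed in to iCloud (only "World" applies)

# Security roles are set per record type; this is the question's configuration.
ROLES_IN_QUESTION: Dict[str, Permissions] = {
    "World": frozenset({"read"}),
    "Authenticated": frozenset({"read", "create"}),
    "Creator": frozenset({"read", "create", "write"}),
}

# The tightened configuration the asker considers: no World access at all.
ROLES_NO_WORLD: Dict[str, Permissions] = {
    "World": frozenset(),
    "Authenticated": frozenset({"read", "create"}),
    "Creator": frozenset({"read", "create", "write"}),
}

def roles_for(principal: Principal, record: Record) -> Set[str]:
    """Roles a principal holds toward a record: everyone is World, signed-in
    users are Authenticated, and the record's creator is also Creator.
    There is no 'recipient' role: roles are not relationship-aware."""
    roles = {"World"}
    if principal.user is not None:
        roles.add("Authenticated")
        if principal.user == record.creator:
            roles.add("Creator")
    return roles

def allowed(cfg: Dict[str, Permissions], p: Principal, r: Record, action: str) -> bool:
    """Permissions are the union over all roles held, and they apply to the
    whole record type: no single field is protected separately."""
    return any(action in cfg[role] for role in roles_for(p, r))

def who_can_read(cfg: Dict[str, Permissions], r: Record) -> Dict[str, bool]:
    """Read access for an anonymous client, the recipient, and an unrelated user."""
    return {
        "anonymous": allowed(cfg, Principal(None), r, "read"),
        "recipient": allowed(cfg, Principal(r.recipient), r, "read"),
        "third_party": allowed(cfg, Principal("_carol"), r, "read"),  # constructed
    }
```

Removing World stops anonymous reads, but any signed-in user still reads every Message; only the app's own query logic (not the database) narrows what is fetched, which is exactly the gap the comments describe.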