If we take a look at OWASP Top 10 Mobile Risks, one of the top risks is insecure data storage. The iOS application interacts with the local system in order to store temporary as well as persistent data.
What if your credit card details are stored temporarily in WebKit cache? What if your login credentials are stored locally in plain text? What if the developers store OAuth token insecurely?
The major risk arises when an application stores sensitive information insecurely in both persistent as well as temporary formats.
In iOS, there are different formats to store the data locally, as follows:
XML and plist
SQLite files
Keychain data
Core Data
The
NSUserDefaults
classTemporary file—data cache
Log files
Each of this local storage has its own pros and cons. If the developers have not taken care of securing sensitive data, an attacker is more likely to access sensitive data on a device. An attacker having access to the rooted device can easily download application...