Book Image

Learning iOS Security

Book Image

Learning iOS Security

Overview of this book

Table of Contents (13 chapters)

Backing up your device

What do most people do to maximize the security of iOS devices? Before we do anything, we need to take a backup of our devices. This protects the device from us by providing a restore point. This also secures the data from the possibility of losing it through a silly mistake. There are two ways, which are most commonly used to take backups: iCloud and iTunes. As the names imply, the first makes backups for the data on Apple's cloud service and the second on desktop computers.

We'll cover how to take a backup on iCloud first.

iCloud backups

An iCloud account comes with free storage, to back up your Apple devices. An iOS device takes a backup to Apple servers and can be restored when a new device is set up from those same servers (it's a screen that appears during the activation process of a new device. Also, it appears as an option in iTunes if you back up to iTunes over USB—covered later in this chapter).

Setting up and checking the status of iCloud backups is a straightforward process. From the Settings app, tap on iCloud and then Backup. As you can see from the Backup screen, you have two options, iCloud Backup, which enables automatic backups of the device to your iCloud account, and Back Up Now, which runs an immediate backup of the device.

iCloud backups

Allowing iCloud to take backups on devices is optional. As you'll see in Chapter 5, Mobile Device Management, and Chapter 6, Debugging and Conclusion, you can disable access to iCloud and iCloud backups. However, doing so is rarely a good idea as you are limiting the functionality of the device and putting the data on your device at risk, if that data isn't backed up another way such as through iTunes. Many people have reservations about storing data on public clouds; especially, data as private as phone data (texts, phone call history, and so on). For more information on Apple's security and privacy around iCloud, refer to If you do not trust Apple or its cloud, then you can also take a backup of your device using iTunes, described in the next section.

Taking backups using iTunes

Originally, iTunes was used to take backups for iOS devices. You can still use iTunes and it's likely you will have a second backup even if you are using iCloud, simply for a quick restore if nothing else.

Backups are usually pretty small. The reason is that the operating system is not part of backups, since users can't edit any of those files. Therefore, you can use an ipsw file (the operating system) to restore a device.

These are accessed through Apple Configurator (which is covered further in Chapter 4, Organizational Controls), or through iTunes if you have a restore file waiting to be installed. These can be seen in ~/Library/iTunes, and the name of the device and its software updates, as can be seen in the following screenshot:

IPSW files

Backups are stored in the ~/Library/Application Support/MobileSync/Backup directory. Here, you'll see a number of directories that are associated with the UDID of the devices, and within those, you'll see a number of files that make up the modular incremental backups beyond the initial backup. It's a pretty smart system and allows you to restore a device at different points in time without taking too long to perform each backup.

Backups are stored in the \Documents and Settings\USERNAME\Application Data\Apple Computer\MobileSync\Backup\ directory on Windows XP and in the \Users\USERNAME\AppData\Roaming\Apple Computer\MobileSync\Backup\ directory for newer operating systems.

To enable an iTunes back up, plug a device into a computer, and then open iTunes. Click on the device for it to show the device details screen. The top section of the screen is for Backups (in the following screenshot, you can set a back up to This computer, which takes a backup on the computer you are on).


I would recommend you to always choose the Encrypt iPhone backup option as it forces you to save a password in order to restore the back up.

Additionally, you can use the Back Up Now button to kick off the first back up, as shown in the following screenshot:


Viewing iOS data in iTunes

To show why it's important to encrypt backups, let's look at what can be pulled out of those backups. There are a few tools that can extract backups, provided you have a password. Here, we'll look at iBackup Extractor to view the backup of your browsing history, calendars, call history, contacts, iMessages, notes, photos, and voicemails.

To get started, download iBackup Extractor from When you open iBackup Extractor for the first time, simply choose the device backup you wish to extract in iBackup Extractor. As you can see in following screenshot, you will be prompted for a password in order to unlock the Backup keybag. Enter the password to unlock the system.

Unlock the backups

Note that the file tree in the following screenshot gives away some information on the structure of the iOS filesystem, or at least, the data stored in the backups of the iOS device, which we'll cover in detail in Chapter 6, Debugging and Conclusion. For now, simply click on Browser to see a list of files that can be extracted from the backup, as you can see in the next screenshot:

View device contents using iBackup Extractor

Note the prevalence of SQL databases in the files. Most apps use these types of databases to store data on devices. Also, check out the other options such as extracting notes (many that were possibly deleted), texts (some that have been deleted from devices), and other types of data from devices.

Now that we've exhausted backups and proven that you should really put a password in place for your back ups, let's finally get to some basic security tasks to be performed on these devices!