How to Encrypt iOS App Photos Outside Camera Roll Using AI
This Knowledge Base article describes how to use Appdome’s AI/ML in your CI/CD pipeline to continuously deliver plugins that Prevent other iOS apps from accessing your app's photos in iOS apps.
What Is App Only Photos Access?
App photos taken within mobile apps can be a privacy risk if they are accessible by other apps on the device, as this opens up possibilities for unauthorized access or data leaks. When a photo is stored in the general camera roll or shared with other apps, attackers or malicious apps can access sensitive images. This exposure can lead to unintended data sharing, breaches of privacy, or legal compliance issues for industries such as finance or healthcare, where the confidentiality of data is paramount. Preventing cross-app access to photos is critical for maintaining the privacy and integrity of app data. Restricting cross-app access to photos also helps apps comply with privacy regulations, such as GDPR and HIPAA, ensuring sensitive images remain private and reducing the risk of exploitation by malicious apps or third-party actors.
How Appdome Against Unauthorized Access to App Photos?
Appdome’s dynamic App Only Photos plugin for iOS defends against unauthorized access to photos taken within the app by securely storing them in the app’s private file system, inaccessible to other apps on the device. The plugin intercepts the photo-saving process and encrypts photos with AES 256 encryption using TOTALData Encryption, ensuring they remain unreadable even if accessed. By isolating and protecting app-stored photos, this feature safeguards against data breaches and unauthorized access.
Prerequisites for Using Appdome's App Only Photos Plugins:
To use Appdome’s mobile app security build system to Prevent other iOS apps from accessing your app's photos , you’ll need:
- Appdome account (create a free Appdome account here)
- A license for App Only Photos
- Mobile App (.ipa for iOS)
- Signing Credentials (see Signing Secure Android apps and Signing Secure iOS apps)
How to Implement Prevent other iOS apps from accessing your app's photos in iOS Apps Using Appdome
On Appdome, follow these 3 simple steps to create self-defending iOS Apps that Prevent other iOS apps from accessing your app's photos without an SDK or gateway:
-
Designate the Mobile App to be protected.
-
Upload an app via the Appdome Mobile Defense platform GUI or via Appdome’s DEV-API or CI/CD Plugins.
-
iOS Formats: .ipa
-
App Only Photos is compatible with: Obj-C, Java, Swift, Flutter, React Native, Unity, Xamarin, Cordova and other iOS apps.
-
-
Select the defense: App Only Photos.
-
-
Follow the steps in Sections 2.2-2.2.2 of this article to add the App Only Photos feature to your Fusion Set via the Appdome Console.
-
When you select the App Only Photos you'll notice that the Fusion Set you created in step 2.1 now bears the icon of the protection category that contains App Only Photos.
Figure 2: Fusion Set that displays the newly added App Only Photos protection
Note: Annotating the Fusion Set to identify the protection(s) selected is optional only (not mandatory). -
Open the Fusion Set Detail Summary by clicking the “...” symbol on the far-right corner of the Fusion Set. Copy the Fusion Set ID from the Fusion Set Detail Summary (as shown below):
Figure 3: Fusion Set Detail Summary
-
Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, Jenkins, Travis, Team City, Circle CI or other system:
-
Refer to the Appdome API Reference Guide for API building instructions.
-
Look for sample APIs in Appdome’s GitHub Repository.
-
Create and name the Fusion Set (security template) that will contain the App Only Photos feature as shown below:
Figure 1: Fusion Set that will contain the App Only Photos feature
-
-
Add the App Only Photos feature to your security template.
-
Navigate to Build > Anti ATO tab > Social Engineering Prevention section in the Appdome Console.
-
Toggle On App Only Photos.
Figure 4: Selecting Prevent other iOS apps from accessing your app's photos
Note: The Appdome Platform displays the Mobile Operation Systems supported by each defense in real-time. For more details, see our OS Support Policy KB. -
Configure the User Experience Options for App Only Photos:
With Threat-Events™ OFF, Appdome provides several user experience options for mobile brands and developers.- App Compromise Notification: Customize the pop-up or toast Appdome uses to notify the user when a threat is present while using the protected mobile app.
- Short message Option. This is available for mobile devices that allow a banner notification for security events.
-
Localized Message Option. Allows Appdome users to support global languages in security notifications.
Figure 5: Default User Experience Options for Appdome’s other iOS apps from accessing your app's photos
-
App Only Photos Threat Code™. Appdome uses AI/ML to generate a unique code each time App Only Photos is triggered by an active threat on the mobile device. Use the code in Appdome Threat Resolution Center™ to help end users identify, find and resolve active threats on the personal mobile devices.
- Optional Configuration with App Only Photos:
- Combined Camera Roll
Make the public (device) camera roll accessible to your application. Private photos will only be accessible to your application.
- Photos Favicon
Add this customized icon as a favicon to private photos’ thumbnails.
-
Congratulations! The App Only Photos protection is now added to the mobile app -
-
Certify the App Only Photos feature in iOS Apps
After building App Only Photos, Appdome generates a Certified Secure™ certificate to guarantee that the App Only Photos protection has been added and is protecting the app. To verify that the App Only Photos protection has been added to the mobile app, locate the protection in the Certified Secure™ certificate as shown below:
Figure 6: Certified Secure™ certificate
Each Certified Secure™ certificate provides DevOps and DevSecOps organizations the entire workflow summary, audit trail of each build, and proof of protection that App Only Photos has been added to each iOS app. Certified Secure provides instant and in-line DevSecOps compliance certification that App Only Photos and other mobile app security features are in each build of the mobile app.
Using Appdome, there are no development or coding prerequisites to build secured iOS Apps by using App Only Photos. There is no SDK and no library to code or implement in the app and no gateway to deploy in your network. All protections are built into each app and the resulting app is self-defending and self-protecting.
Releasing and Publishing Mobile Apps with App Only Photos
After successfully securing your app by using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Customizing, Configuring & Branding Secure Mobile Apps.
- Deploying/Publishing Secure mobile apps to Public or Private app stores.
- Releasing Secured Android & iOS Apps built on Appdome.
Related Articles:
Blur Application Screens for Mobile User Privacy in iOS Apps
How to Protect iOS Apps from Screen Sharing Malware
How to Protect Android & iOS Apps from Copy/Paste Attacks
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
