As I have mentioned before on this blog, I’m currently designing an iPad app and I want to build it with security in mind. Even though I don’t think I’ll be a hacking target (not enough money in it for them, and I suck at marketing), I still want to make sure that it’s secure. I can then use myself as a model for everyone else.
My app is distributed to tablets with preloaded content. However, the strength of the app is the ability for me to upload additional content which users then pay for (or a portion thereof) if they decide to download it. But how do I distribute this data securely?
From my perspective there are three key things:
Below is what I was thinking originally:
But how can I accomplish this?
My solution is to use encryption – even if the hacker intercepts the data it is useless to him. And in order to download the data, the app has to identify itself as legitimate, or do something only a legitimate application would or could do. For the past 48 hours, I have been pondering two models:
Model 1 – Transfer the data over an encrypted connection (such as SSL) and make the application identify itself
This architecture prevents a hacker from stealing the data in transit, and it also makes the user identify themselves with a token that I would distribute as part of the application. Since the code isn’t public, a hacker would have to steal the code in order to reverse engineer it and present the token.
To do this option:
That’s option 1.
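To make Model 1 concrete, here is an added example (my own code, not from the original post) of the "identify itself" step as a challenge-response over the already-encrypted SSL connection: the server issues a one-time random nonce, the app answers with an HMAC of that nonce and the requested content item under the secret compiled into the app, and the server recomputes and compares in constant time. The secret value, the content identifier and the function names are constructed for illustration. Binding the proof to a single-use nonce means the secret never crosses the wire and a captured proof cannot be replayed for a second download.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
)

// appSecret stands in for the token compiled into the app build.
// Constructed placeholder; a real build would use a random 32-byte secret.
var appSecret = []byte("constructed-example-secret-not-for-shipping")

// challengeStore is the server's record of outstanding one-time nonces.
type challengeStore struct {
	mu      sync.Mutex
	pending map[string]bool
}

func newChallengeStore() *challengeStore {
	return &challengeStore{pending: make(map[string]bool)}
}

// Issue creates a fresh random nonce and remembers it as outstanding.
func (s *challengeStore) Issue() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.mu.Lock()
	s.pending[hex.EncodeToString(nonce)] = true
	s.mu.Unlock()
	return nonce, nil
}

// consume retires a nonce, reporting whether it was still outstanding.
func (s *challengeStore) consume(nonce []byte) bool {
	key := hex.EncodeToString(nonce)
	s.mu.Lock()
	defer s.mu.Unlock()
	if !s.pending[key] {
		return false
	}
	delete(s.pending, key)
	return true
}

// proveIdentity runs on the tablet: HMAC-SHA256 over nonce || contentID,
// so the proof is tied to this request and this item only.
func proveIdentity(secret, nonce []byte, contentID string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(nonce)
	mac.Write([]byte(contentID))
	return mac.Sum(nil)
}

// Verify runs on the server: constant-time compare of the expected proof,
// then the nonce is retired so the same proof is rejected if replayed.
func (s *challengeStore) Verify(secret, nonce []byte, contentID string, proof []byte) bool {
	expected := proveIdentity(secret, nonce, contentID)
	if !hmac.Equal(expected, proof) {
		return false
	}
	return s.consume(nonce)
}

func main() {
	server := newChallengeStore()
	nonce, err := server.Issue()
	if err != nil {
		panic(err)
	}
	const item = "issue-2012-05" // constructed content identifier
	forged := proveIdentity([]byte("guess"), nonce, item)
	fmt.Println("forged proof accepted:", server.Verify(appSecret, nonce, item, forged))
	proof := proveIdentity(appSecret, nonce, item)
	fmt.Println("valid proof accepted: ", server.Verify(appSecret, nonce, item, proof))
	fmt.Println("replayed proof accepted:", server.Verify(appSecret, nonce, item, proof))
}
```

The server-side store is in memory here; a real deployment would expire nonces after a short window. Note that this proves the caller holds the app's secret, not who the user is, which is exactly the exposure the post accepts: anyone who extracts the secret from the binary can answer the challenge.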
Model 2 – Pre-encrypt the data and transfer it over an unsecured connection and then decrypt it on the tablet
This architecture doesn’t care if the hacker intercepts the data in transit or impersonates a real device. Since the data is encrypted, and since only the web server and the tablet device know the secret key, only real users can decrypt the data. The hacker would have to acquire or reverse engineer the code in order to use it, and if they can do that, I’ve got bigger problems.
To implement this option:
This option is simpler than the first one.
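For Model 2, here is an added example (my own code, not the post's) of the pre-encrypt step on the server and the matching decrypt on the tablet, using AES-256-GCM with the shared secret key. The post only says "encrypted"; the choice of an authenticated mode is mine, because it also detects a blob that was modified or truncated on the unsecured connection, which plain encryption would not. The key, content identifier and function names are constructed placeholders. The content identifier is bound as associated data so one item's encrypted blob cannot be served in place of another's.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// contentKey is the secret known only to the web server and the app.
// Constructed placeholder; a real key is 32 random bytes provisioned to both sides.
var contentKey = bytes.Repeat([]byte{0x42}, 32)

// sealContent is the server side: encrypt and authenticate one content file
// before it is placed on the plain download host.
// Output layout: nonce || ciphertext || GCM tag.
func sealContent(key, plaintext, contentID []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// contentID is associated data: authenticated, not encrypted.
	sealed := gcm.Seal(nil, nonce, plaintext, contentID)
	return append(nonce, sealed...), nil
}

// openContent is the tablet side: split off the nonce, then decrypt and verify.
// Any tampering, truncation or mismatched contentID makes Open return an error.
func openContent(key, blob, contentID []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, contentID)
}

func main() {
	item := []byte("issue-2012-05") // constructed content identifier
	plain := []byte("constructed sample article text for the tablet")

	blob, err := sealContent(contentKey, plain, item)
	if err != nil {
		panic(err)
	}
	got, err := openContent(contentKey, blob, item)
	fmt.Printf("tablet decrypt ok: %v, matches: %v\n", err == nil, bytes.Equal(got, plain))

	// Simulate a byte flipped in transit over the unsecured connection.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)/2] ^= 0x01
	_, err = openContent(contentKey, tampered, item)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

Because the nonce is random per file, re-encrypting the same content produces a different blob each time, which is what lets the server re-issue content without key changes; the tablet only needs the key and the layout above. As in the post, the weak point is that the key lives inside the app binary.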
Which one should I go with?
I’m having a very hard time deciding. I’ve talked to people and, technically speaking, there is no real advantage to doing it either way. They both encrypt the data. But there are other advantages of one model over the other:
That’s my Secure Data Transfer model and why I am selecting it. If you have any suggestions, feel free to leave them in the comments.