Security
The security of the IOTA wallet relies on the following:
- iOS App Sandbox
- Minimisation of Unencrypted keys in memory.
- Encrypted at rest storage.
iOS by default sandboxes every application that a user has on their phone.
The wallet's primary defence is the application sandbox. This protects the wallet's memory when in use, stopping attackers who have physical access to the device from dumping the memory and analysing the data for the seed.
In terms of external attacks, the application only ever communicates with the outside world through the IOTA javascript client library. Additionally the configured remote node is the only host it will communicate with.
However the sandbox can be breached if the device is jailbroken. These devices are vastly less secure as the process breaks the protections built into iOS.
The application is designed not to store the seed in memory. Every time the seed is used in an IOTA related function it is loaded from the iOS keychain, decrypted, used and destroyed. This process, while creating overhead in the application, is necessary to minimise the possibility of capturing the seed when a attacker has successfully gained access to the sandbox memory.
For uses who trust the iOS sandbox, the hashed password/decryption key of the secretbox can be held in memory for convenience (Auto syncing with the tangle, generating addresses, etc). This option decreases the security of the application (if the sandbox is breached) but there are means of mitigating the possible threat. The application can sense when the application goes into background mode (switching apps or locking the phone) then it can then dump the decryption key from memory. This is a reasonable trade off for convenience, if the user makes sure that the app is never left open alone.
The wallet stores the seed in the iOS keychain. This is a special part of the OS that is reserved for sensitive data. This data is only accessible by the iOS wallet application and only when the device is unencrypted (i.e unlocked or without passcode).
Not only is this partition protected from external sources, if an attacker is able to access this storage the keys are faced with a encrypted 'box' that is encrypted with the application login password. At this level of effort it would be easier to find other means of retrieving the key from you personally.
Updated - 6/6