iOS Background Screen Caching

When the home key on an iPhone or iPad is pressed, a screenshot of the current application is taken immediately. This is done to generate the animation in which the application appears to “shrink” into the screen. The image is also stored for use as a thumbnail image for the running application. If sensitive information was displayed on screen at the time of the screenshot, serious security implications may arise. Personal information may unknowingly be stored unencrypted on the device. This image cache may allow an attacker with a stolen device to profile the victim and gather sensitive information. The following is an example location of cached images generated on an iPad:

/var/mobile/Applications/[APP ID]/Library/Caches/Snapshots/com.AppName/UIApplicationAutomaticSnapshotDefault-LandscapeLeft.png

As a proof of concept we will download a New York City subway app, look up a subway route, and hit the home key while the app is in use. The screenshot below was obtained seconds after the home key was pressed:

[Image: UIApplicationAutomaticSnapshotDefault-Portrait]

While the above screenshot is relatively harmless, this will not always be the case when applications handle personal information. In an ethical hacking assessment, the application should be reviewed for any pages which may display sensitive information on screen. All pages identified should implement compensating controls for this functionality. There are two possible ways to remediate this issue:

Method 1: Overlay an image as the application enters the background state. The overlaid image will “mask” the current screen, thus covering any sensitive information which may be on screen. Below is sample code:

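@property (nonatomic, strong) UIImageView *backgroundImage;

- (void)applicationDidEnterBackground:(UIApplication *)application {
    // initWithImage: expects a UIImage, so load the overlay by name first.
    UIImageView *myBanner = [[UIImageView alloc] initWithImage:[UIImage imageNamed:@"overlayImage.png"]];
    myBanner.frame = self.window.bounds; // cover the whole screen
    self.backgroundImage = myBanner;
    [self.window addSubview:myBanner];
}

- (void)applicationWillEnterForeground:(UIApplication *)application {
    // Remove the mask when the user returns to the application.
    [self.backgroundImage removeFromSuperview];
}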

Method 2: The second option is to explicitly mark the sensitive fields as hidden via the view controller. The code below accomplishes this:

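- (void)applicationDidEnterBackground:(UIApplication *)application {
    // viewController is assumed to be the app delegate's reference to the
    // view controller that owns these fields. Hide each sensitive field before
    // the snapshot is taken; set hidden = NO again on return to the foreground.
    viewController.accountNumber.hidden = YES;
    viewController.username.hidden = YES;
    viewController.SSN.hidden = YES;
    viewController.password.hidden = YES;
}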
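
For the assessment review described above, one way to check which snapshots an application has left behind is to copy its container off a test device and list the PNG files under Library/Caches/Snapshots. The Python script below is an added example, not code from the original article; the function names, the APP-ID-PLACEHOLDER directory and the sample files are constructed for illustration.

```python
import struct
import sys
import tempfile
import zlib
from pathlib import Path

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
SNAPSHOT_DIR = ("Library", "Caches", "Snapshots")  # path components from the article

def png_dimensions(path):
    """Return (width, height) from the IHDR chunk, or None if this is not a PNG."""
    with open(path, "rb") as fh:
        header = fh.read(24)
    # Layout: 8-byte signature, 4-byte length, b"IHDR", 4-byte width, 4-byte height.
    if len(header) < 24 or header[:8] != PNG_SIGNATURE or header[12:16] != b"IHDR":
        return None
    return struct.unpack(">II", header[16:24])

def find_snapshots(container_root):
    """List snapshot PNGs under Library/Caches/Snapshots in an extracted app container."""
    root = Path(container_root)
    findings = []
    for png in sorted(root.rglob("*.png")):
        dirs = png.relative_to(root).parts[:-1]
        in_cache = any(dirs[i:i + 3] == SNAPSHOT_DIR for i in range(len(dirs) - 2))
        dims = png_dimensions(png) if in_cache else None
        if dims:  # skip files outside the cache and files that only carry a .png name
            findings.append({"path": png.relative_to(root).as_posix(),
                             "width": dims[0], "height": dims[1]})
    return findings

def build_sample(root):
    """Constructed test data: one snapshot, one unrelated PNG, one fake .png file."""
    ihdr = struct.pack(">IIBBBBB", 768, 1024, 8, 2, 0, 0, 0)
    png = (PNG_SIGNATURE + struct.pack(">I", len(ihdr)) + b"IHDR" + ihdr
           + struct.pack(">I", zlib.crc32(b"IHDR" + ihdr)))
    snap = Path(root, "APP-ID-PLACEHOLDER", *SNAPSHOT_DIR, "com.AppName")
    snap.mkdir(parents=True)
    (snap / "UIApplicationAutomaticSnapshotDefault-Portrait.png").write_bytes(png)
    (snap / "not-an-image.png").write_bytes(b"plain text")
    docs = Path(root, "APP-ID-PLACEHOLDER", "Documents")
    docs.mkdir(parents=True)
    (docs / "icon.png").write_bytes(png)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else (build_sample(tmp) or tmp)
        for hit in find_snapshots(target):
            print(f"{hit['width']}x{hit['height']}  {hit['path']}")
```

Run it with the path to an extracted container as the only argument, then open each listed image to see whether the overlay or the hidden fields took effect before the snapshot was written.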