PTKDMobile App Security
Knowledge base / PTKD-STO-FILESHARING
medium M9 MASVS-STORAGE-2 static analysis PTKD-STO-FILESHARING

iTunes file sharing enabled

UIFileSharingEnabled exposes the app's Documents directory over USB / Finder.

How it's exploited

UIFileSharingEnabled exposes the app's Documents directory in Finder/iTunes. Anyone with the unlocked device on a computer browses and copies whatever the app stored there.

Why it matters

Files assumed private (exports, caches, databases placed in Documents) are user-visible and trivially extracted.

How to fix it

  1. Disable file sharing unless the feature is deliberate.
  2. Keep sensitive files out of Documents; use Application Support with NSFileProtectionComplete and the Keychain for secrets.

References