Add-On-Security

Encrypted Storage

By default, all the data stored by the SDK on the device is inside the application sandbox. This prevents other applications from accessing the data(both read and write). Though due to compliance standards or any other use cases, you might want additionally encrypt the data stored on the SDK.

Keychain Set Up

To ensure the encryption works as expected, follow the below steps to set up the Keychain Sharing.

    1. Turn on Keychain sharing in Xcode with the below steps: 

      a. Select your app target and click the Signing & Capabilities tab.

      b. Turn on the Keychain Sharing capability.
      Screenshot_2023-03-30_at_12.21.36_PM.png
    2. Specify the Keychain group name

Screenshot_2023-03-30_at_12.23.06_PM.png

         3.  App ID Prefix and Keychain group name: Xcode automatically prefixes keychain groups with your team ID. This ensures that your groups are specific to your development team. In order to see how it works click on the .entitlements file and look at the value of the Keychain Access Groups array.

Screenshot_2023-03-30_at_12.24.23_PM.png

          4. Get your AppID: The App ID Prefix (also called Team ID) is a unique text identifier associated with your Apple developer account that allows sharing keychain and pasteboard items between your apps.

Assume the AppID is AB123CDE45 , Keychain group name would be AB123CDE45.com.example.sharedItems . Make sure to pass the same keychain group name to MoEngage SDK via  keyChainConfig property on MoEngageSDKConfig object.

Enabling Encryption

You can enable the storage encryption by setting the storageConfig property on the MoEngageSDKConfig while initializing the SDK.

Swift Objective-C
  let sdkConfig = MoEngageSDKConfig(withAppID: "YOUR_APP_ID")
  sdkConfig.storageConfig = MoEngageStorageConfig(encryptionConfig: MoEngageStorageEncryptionConfig(isEncryptionEnabled: true))
  sdkConfig.keyChainConfig = MoEngageKeyChainConfig(groupName: "YOUR_KEYCHAIN_GROUP_NAME")

Note:

  • Once storage encryption is enabled and a build is released to production(App Store), you should not disable encryption. Disabling the encryption after the build is released will result in a new user being created in the MoEngage system when the user updates the application.

Encrypted Network Communication

By default, we use HTTPS protocol for all requests made from the SDK, HTTPS encrypts the requests by default. MoEngage SDK optionally adds another layer of encryption apart from the encryption done by HTTPS.

Enabling Encryption

You can enable the storage encryption setting the

networkConfig property on the MoEngageSDKConfig while initializing the SDK.

Swift Objective-C
let sdkConfig = MoEngageSDKConfig(withAppID: appId)
sdkConfig.networkConfig = MoEngageNetworkRequestConfig(dataSecurityConfig:  MoEngageNetworkDataSecurityConfig(isEncryptionEnabled: true, encryptionKeyDebug: "YOUR_TEST_ENVIRONMENT_ENCRYPTION_KEY", encryptionKeyRelease: "YOUR_LIVE_ENVIRONMENT_ENCRYPTION_KEY"))

 

Note: When using encrypted network communication we strongly recommend you enable Storage encryption as well.

 

info

Note

Adding the above dependency and enabling the flag isn't enough for this feature to work, there is some additional configuration required on our side to enable this feature completely. In case you want to use this feature reach out to your account manager or drop us an email at support@moengage.com.

Was this article helpful?
0 out of 0 found this helpful

How can we improve this article?