What is app data?

Aidan Fitzpatrick
Posted by Aidan Fitzpatrick
Blog › Aidan's blog › What is app data?
Aidan Fitzpatrick by Aidan Fitzpatrick

Simply put, app data is data belonging to or created by apps. App data can be split into a few categories, including app content data, app cache data, app configuration data, app data exhaust, app platform data, and system-level app data.

This short guide seeks to explain what each type of app data looks like, and how and where it can be useful.

There is no platform specificity to any of these types of data. Apple's iOS stores this data on device, in backups, and on the iCloud. Their OS X operating system stores it in ~/Library folders, and Windows uses %APPDATA% for legacy and AppStore apps.

App content data

Almost all apps have some sort of core data to store, whether that is locally on the device they run on, in the cloud, or on a mixture of both. Locally-stored app content data could include messages from secure messaging platforms which do not leave traces of the message in the cloud to replay, or, more simply, image files from image editing programs, or saved game states from games.

Apple's CloudKit framework provides a mechanism for both iOS and OS X apps to store their data in an easily manageable way on the cloud. Typically, however, app vendors with significant cloud components tend to use platform-agnostic storage of app data, building on Amazon's S3 or EC2 services, for instance.

Providing access to this sort of app data is the core of Reincubate's products, enabling both businesses and agencies to access, interpret and build value around the data. Clients use this data for solutions from compliance through to child protection, and some of these are described in more detail on the Reincubate iCloud API product page.

App cache data

The divide between app content data and app cache data usually lies in the distinction between app data that is specific to a device and data that is tied to some sort of app user account.

Skype provides a good example of this distinction. It stores data centrally in the cloud, and it provides a rich source of both app content data and app cache data. The cloud provides the content data, and the clients on which the app runs provide rich sets of cache data, with messages, image content and logs describing behaviour.

App configuration data

App configuration data is the bundles of settings that apps store on how they are configured. Sometimes this is done centrally in the cloud -- as with a user's Slack preferences, propagating across all instances of that app on all platforms -- but equally sometimes it is specific only to a single instance of that app, for instance the iCloud Photo Library's sharing settings.

There are a variety of uses and needs for this data; examples include providing the identifier for a paired fitness tracker device or home monitoring service.

App data exhaust

This is data, or traces data created by the routine operation of the app. Many apps store data in app-specific log files, which can be a useful mechanism for understanding how and when the app has been used. In the absence of content, cache or configuration data, this exhaust may provide helpful clues or fragments, potentially including geotagged location information.

Many iOS and OS X apps use databases to store working data, and Reincubate’s proprietary undeletion technology can often be used to recover real content, cache or configuration data this way.

Reincubate also posses a number of robust proprietary techniques for providing data on app share of screen time, in part by analysing app data exhaust.

App platform data

App platform data is information and data held on an app with relation to the platform that it is on. This might be metadata, such as where Apple's iTunes service stores information on an app's icon, it's description, ratings and age sensivity.

However, it might also include data on the total number of app installs across a platform ("app market data"). Companies such as App Annie specialise in collecting and providing this data.

System-level app data

Finally, all devices which can run apps or work with app platforms include a level of system-level data, some or all of which is available through Reincubate's APIs, depending on the platform.

These can include all sorts of valuable information, ranging from usage periods or geopositioning data to sensitive information such as wireless networking credentials, or more significantly the user's keybag of credentials for systems that they've accessed.

Is app data insecure, and will app platforms eventually hide it?

No, there is nothing inherently insecure about app data. Apple's platforms in particular represent a strong implementation of many security good practises. They use both 2FA and 2SV (both supported by Reincubate) and proprietary encryptions so sophisticated that open source tools have been unable to access iOS 9 content for the entirety of the nine months since the platform was released. (Reincubate's platform supported iOS 9 in September 2015, when the OS was released.)

Looking to remove app data is to miss the point. It is necessary to store it somewhere for the essential functioning of apps. It could be removed from devices and left in the cloud, but that presents as many if not more potential avenues for vulnerability as storing it on-device. Storing app data solely in the cloud prevents an app from providing a rich environment when working offline, or with a slow connection. Besides, a degree of cache, configuration and exhaust is likely to be useful for the sound operation of many complex apps.

There are good questions to reflect on in this space:

  • As a user of app platforms, is one's account secured? 2FA / 2SV, OAuth, strong passwords.
  • Do users take steps to secure their backups using encryption and protection locations, and do the app platforms provide suitable defaults for this?
  • Does the app platform provide a mechanism to secure app data in this way? Apple do this, and additionally take advantage of the extra-strength encryption that their devices with A9X chipsets can provide.
  • Does the app platform regularly patch vulnerabilities and have a programme for reporting them?
  • Is the app platform exposed to bulk data collection or instrusion attempts from open source frameworks?
  • Does the app platform provide for additional levels of app-specific encryption and protection, and to app vendors take advantage of this? WeChat is a good example of an app with its own encryption scheme; WhatsApp an example of one which takes advantage of Apple's additional, optional protection classes.
  • Do apps take advantage of the app platform's own key protection system, or do they attempt to roll their own credential management system? Is this potentially vulnerable?
  • Do apps require encrypted backups for storage of sensitive data, such as Apple's HealthKit, or do they avoid backup storage altogether, such as the Apple Wallet data?

Add your comment