iPhone – Can one access all application data when given physical access to an iPhone?

Tags: iphone, safari, sandbox, security

An answer on SO to a question on whether or not you could access stuff in the cache of Mobile Safari, stated that no, this was not possible, as each app runs in its own sandbox. I am unsure how this really answers the question on whether you can access the application, as even if each application lives in its own sandbox, not being able to access stuff on the outer filesystem, it might be that there is a way to access stuff in the sandbox from the outside. For instance, a VM lives inside of a sandbox, but one could still mount the filesystem in the VM from outside of the VM.

We make an app that makes use of a WKWebView and I would like to know whether caching images locally on the phone would enable an attacker to gain access to those images or if there are mechanisms built into iOS that prevent anyone with physical access to the device from getting to them.

I know that a lot of stuff is possible if a device is jailbroken, but there might be other ways as well?

Best Answer

The sandbox protects data from app A from being accessed by app B; it doesn't protect data against the OS or any OS-level access. And as has already been mentioned in the comments: once an attacker gets physical access to a device, all bets are off anyway.

If you want to specifically protect data items you need to add encryption within your app to handle this.