1

I am having a hard time finding best practices for securing sensitive data in iOS development using Swift.

I have already implemented some encryption and decryption using RNCryptor in my project, but I am not sure if it is enough.

I need some recommendations or practices I should follow to improve my app's security. Thank you.

rmaddy
MJ-
  • This isn't a programming question and you're asking for a recommendation rather. Please read this guide on how to ask a good question: https://stackoverflow.com/help/how-to-ask – Glenn Posadas May 22 '19 at 03:39
  • Alright. Thank you sir. – MJ- May 22 '19 at 03:47

2 Answers

0

Sensitive data should be stored in the Keychain or the Secure Enclave (if hardware permits).

Best practices for iOS applications security

0

Keychain offers a secure alternative to saving sensitive data, such as user names and passwords, with NSUserDefaults, plist or similar methods.

As you might already know, NSUserDefaults is simple and effective for saving small, simple bits of data, like NSNumbers or NSStrings, to your device’s file system. But this data is in no way stored securely as hackers can access it pretty easily from the device.

Apple has provided the Keychain Services API to deal with this problem and help developers build apps that safely handle passwords and other sensitive information.

A keychain is defined in Apple’s documentation as:

Keychain is great because data encryption is automatically taken care of before it is stored in the file system, so there is no need to waste time building encryption algorithms.

A keychain in both OS and iOS can be configured to lock. When locked, it is impossible to access and decrypt stored keychain items. For iOS, the keychain is locked when the device is locked and unlocked when the device is unlocked. Even when it is unlocked, only apps that have created an item can access it, unless configured otherwise.

Keychain also offers other features like:

Accessing keychain items across apps. Normally, an app only has access to items it created but configuration can be made to let it access data within a group of designated apps.

Securing user data with Keychain for iOS

Use

Apple’s own Keychain wrapper is called GenericKeychain and is available within the sample code in both Objective-C and Swift.

Here are a few Keychain wrappers I recommend:

SwiftKeychainWrapper by Jason Rendel (jrendel)

SAMKeychain by Sam Soffes for Objective-C.

Locksmith by Matthew Palmer for Swift. (Check out the video tutorial)

Hitesh Surani
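
Added example, not part of the original answers: storing a secret through the Keychain Services API directly, as the answers above recommend, instead of writing it to NSUserDefaults. The `KeychainStore` helper, the service name, the account name and the token value are hypothetical and constructed for illustration.

```swift
import Foundation
import Security

// Hypothetical helper for this example; the service name is a constructed value.
enum KeychainStore {
    static let service = "com.example.app.credentials"

    private static func baseQuery(_ account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Insert the secret, or update it if an item already exists.
    static func save(_ secret: Data, account: String) -> OSStatus {
        var attrs = baseQuery(account)
        attrs[kSecValueData as String] = secret
        // Readable only while the device is unlocked, and not restored onto another device.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(attrs as CFDictionary, nil)
        guard status == errSecDuplicateItem else { return status }
        return SecItemUpdate(baseQuery(account) as CFDictionary,
                             [kSecValueData as String: secret] as CFDictionary)
    }

    /// Return the stored secret, or nil if it is missing or the keychain is locked.
    static func load(account: String) -> Data? {
        var query = baseQuery(account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess else { return nil }
        return result as? Data
    }

    @discardableResult
    static func delete(account: String) -> OSStatus {
        SecItemDelete(baseQuery(account) as CFDictionary)
    }
}

// Weak: UserDefaults writes the value to a plist inside the app container.
// UserDefaults.standard.set("constructed-sample-token", forKey: "apiToken")

// Preferred: the same value stored as a keychain item.
let token = Data("constructed-sample-token".utf8)
if KeychainStore.save(token, account: "apiToken") == errSecSuccess,
   let stored = KeychainStore.load(account: "apiToken") {
    print("round trip ok:", stored == token)
}
```

To share an item within a group of designated apps, as the second answer mentions, the same queries would also carry `kSecAttrAccessGroup` with a group identifier enabled in the apps' entitlements.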