Security in iOS covers data security, transport security, code security, etc.
Securing Data in iTunes Backups
To keep our app data out of iTunes backups, we have to exclude it from being backed up in iTunes.
Whenever an iOS device is backed up using iTunes on macOS, all the data stored by all the apps is copied into that backup and stored on the backing computer.
But we can exclude our app data from this backup using the URLResourceKey.isExcludedFromBackupKey key.
Here is the directory structure of our app:
Note: Generally, sensitive data is stored in the 'Application Support' directory.
For example, to exclude all our data stored in the Application Support directory, we can use the above-mentioned key as follows:
Many tools can browse the data in an iTunes backup, which lets us confirm whether the above approach works. iExplorer is a good one for exploring iTunes backups.
Transport Security using SSL
iOS apps need to be written so that data transported over the network is protected.
SSL is the common way to do it.
Whenever the app calls web services to pull data from or push data to servers, it should use HTTP over SSL, i.e. HTTPS.
To do this, the app must call such web services as https://server.com/part and not http://server.com/part.
In this case, the app needs to trust the server server.com using its SSL certificate.
Here is an example of validating server trust:
Implement URLSessionDelegate as:
Here is the trust manager: (couldn't find Swift code)
Server_Public_SSL_Cert.der is the server's public SSL key.
Using this approach, our app can make sure that it is communicating with the intended server and that no one is intercepting the app-server communication.
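One way to implement the server-trust check described above with URLSessionDelegate, as an added example that is not code from the original page. It assumes Server_Public_SSL_Cert.der is the server's DER-encoded certificate shipped in the app bundle; the class name PinnedSessionDelegate is hypothetical.

```swift
import Foundation
import Security

// Added example, not the original page's code. Pins the server's leaf
// certificate to a copy shipped in the app bundle.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    // Assumption: Server_Public_SSL_Cert.der is the server's DER-encoded
    // certificate, added to the app target as a bundle resource.
    private let pinnedCertificate: Data? = Bundle.main
        .url(forResource: "Server_Public_SSL_Cert", withExtension: "der")
        .flatMap { try? Data(contentsOf: $0) }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        // Anything that is not a server-trust challenge takes the default path.
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        if isPinned(trust) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Fail closed: missing pin, invalid chain, or a different certificate.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }

    private func isPinned(_ trust: SecTrust) -> Bool {
        guard let pinned = pinnedCertificate else { return false }
        // Step 1: normal chain and hostname validation (iOS 12+).
        guard SecTrustEvaluateWithError(trust, nil) else { return false }
        // Step 2: the leaf certificate must match the bundled copy byte for byte.
        // SecTrustCopyCertificateChain needs iOS 15+.
        guard let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first else { return false }
        return (SecCertificateCopyData(leaf) as Data) == pinned
    }
}

// Usage: the session keeps a strong reference to its delegate.
let session = URLSession(configuration: .ephemeral,
                         delegate: PinnedSessionDelegate(),
                         delegateQueue: nil)
```

Because the leaf certificate itself is pinned, the bundled file has to be replaced in an app release whenever the server's certificate is renewed.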
This modified text is an extract of the original Stack Overflow Documentation created by following contributors and released under CC BY-SA 3.0