Security in iOS

Divesh Singh
Jan 21, 2021


Security is a major concern when building any application.

Apple already provides the tools to secure an application; you just have to apply them.

Let's discuss them here.

1. Keychain: It is used by the system to store data like passwords and certificates.

2. Data Protection: It allows an app to encrypt and decrypt the files stored in its app directory. You can specify the security level by defining the protection when you write data to a file:

    try data.write(to: fileURL, options: .completeFileProtection)

3. HTTPS: Your connection is secured when you define App Transport Security (ATS) blocks in your application. ATS requires all HTTP connections to be made over HTTPS, and this is verified by the system. It checks the server certificate and whether it is valid for this domain.

4. SSL Pinning: When apps exchange information, they typically use the Transport Layer Security (TLS) protocol to provide secure communications, and it checks only the validity of the certificate.

SSL pinning checks the validity of the certificate and also ensures that the client connects to the targeted server. The key point of SSL pinning is that the server certificate is saved in the app bundle, so we have to release a new version of the application when the certificate is updated.

How SSL pinning works:

  • The client connects to the server and asks it to introduce itself.
  • The server sends its certificate, with its public key, back to the client.
  • The client checks the validity of the certificate, creates a session key, encrypts it with the public key, and sends it back to the server.
  • The server receives the encrypted session key, decrypts it with its private key, then sends an acknowledgement packet to the client.
  • The client receives the acknowledgement and begins the session.
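
The pinning check described above (a server certificate saved in the app bundle), as an added Swift example that is not code from the original post. The class name `PinnedSessionDelegate` and the resource name `pinned-server.cer` (a DER-encoded copy of the server certificate) are assumptions.

```swift
import Foundation
import Security

/// Pins the server's leaf certificate against a copy shipped in the app bundle.
/// Assumption: "pinned-server.cer" is a DER-encoded certificate added to the app target.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    private let pinnedCertData: Data

    init?(resource: String = "pinned-server", bundle: Bundle = .main) {
        guard let url = bundle.url(forResource: resource, withExtension: "cer"),
              let data = try? Data(contentsOf: url) else { return nil }
        pinnedCertData = data
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only server-trust challenges are pinned; everything else gets default handling.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Step 1: the system's normal TLS validation (chain, expiry, hostname).
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Step 2: the pin. The leaf certificate must be byte-identical to the bundled copy.
        guard let leaf = leafCertificate(of: trust),
              SecCertificateCopyData(leaf) as Data == pinnedCertData else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }

    private func leafCertificate(of trust: SecTrust) -> SecCertificate? {
        if #available(iOS 15.0, macOS 12.0, *) {
            return (SecTrustCopyCertificateChain(trust) as? [SecCertificate])?.first
        } else {
            return SecTrustGetCertificateAtIndex(trust, 0)
        }
    }
}
```

Pass an instance as the `delegate` when creating the `URLSession`; a connection whose leaf certificate differs from the bundled copy is cancelled, which is why a certificate update requires a new app release.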

5. Push Notifications: This allows you to either send encrypted messages to your clients or use placeholders for sensitive data. For end-to-end encryption, we can send push notifications to users with Apple’s APNs service.

6. CloudKit: Store structured app and user data in iCloud containers that all users of your app can share. CloudKit isn’t a replacement for your app’s existing data objects. Instead, CloudKit provides complementary services for managing the transfer of data to and from iCloud servers. Because it provides minimal offline caching support, CloudKit relies on the presence of the network and, optionally, a valid iCloud account. A valid iCloud account is only necessary when you want to save data that is specific to a single user. Apps can always store data in a public area that is readable by all users.

Reference: https://developer.apple.com/documentation/cloudkit

7. Apple’s App Sandbox: iOS apps run in a sandbox to make sure an app can only access the data in its own unique home directory. If an app wants to access data outside of its home directory, it needs to use services provided by iOS, like the ones available for accessing iCloud data or the photo album.
